French telecommunications provider Orange Group has admitted that a hacker has stolen thousands of internal documents with user records and employee data.
On a hacker forum, a threat actor called ‘Rey’ claims to have stolen over 600,000 customer records, including 380,000 unique email addresses. In addition, he says he’s in the possession of source codes, internal documents, invoices, contracts, tickets, user data, employee information, and classified files outlining future project plans.
The threat actor has told BleepingComputer that he’s a member of the HellCat ransomware group, but that the data breach wasn’t a HellCat ransomware operation.
HellCat is a well-known ransomware group that has claimed responsibility for cyberattacks on Schneider Electric and Spanish telecommunications company Telefónica, stealing 40GB and 2.3GB of sensitive corporate data respectively.
Rey claims he had access to Orange’s corporate network for over a month. He says he stole almost 12,000 files, for a total of 6.5GB. To access the internet service provider’s systems, he exploited compromised credentials and vulnerabilities in the company’s Jira software, which is used to report and track bugs and other issues.
The hacker said that he left a ransom note on the compromised systems, but Orange never responded to the letter.
The editorial staff of BleepingComputer received a sample of the stolen data, confirming its legitimacy. The documents contained information from former and current Orange Romania employees, partners, and contractors, along with partial details for payment cards belonging to Romanian customers.
At the same time, the tech site found that some of the data was outdated and had expired.
BleepingComputer reached out to both Orange Group and Orange Romania. In a joint statement, the companies confirmed that the incident took place and was discussed internally.
“We took immediate action, and our top priority remains protecting the data and interests of our employees, customers, and partners. There has been no impact on customers’ operations, and the breach was found to occur on a non-critical back office application,” Orange stated.
According to the rest of the statement, cybersecurity teams are working hard to assess the scope of the data breach and minimize the impact of the incident. Additionally, Orange is working closely with law enforcement authorities to solve the incident.
Your email address will not be published. Required fields are markedmarked