The leaked Orange database supposedly includes full customer names, national ID numbers, and other personally identifiable information (PII) belonging to the mobile carrier’s customers. Meanwhile, Orange says the company doesn't operate in Rwanda.
Attackers uploaded the post to a popular data leak forum, claiming they had obtained over 1 million lines of data from Orange Rwanda. Orange is a French multinational telecommunications company, one of the largest in the world.
We have reached out to the company and while Orange did not provide a statement, the company's representatives said that the company doesn't operate in Rwanda.
According to the cybercriminals, the exposed details include numerous details that expose the company’s clients, including:
- Customer IDs
- Names
- National IDs
- Location information
- ID cards
- Other customer details
The Cybernews research team investigated the data sample attackers attached to the post. According to the team, the sample did include the customer information that the post’s authors described.
Malicious actors could exploit the leak to target Orange Rwanda customers with identity theft, fraud, and social engineering attacks. The latter would likely involve threat actors impersonating the carrier's staff to obtain more sensitive personal details.
Another risk is SIM swapping, a practice where scammers transfer a victim’s telephone number to a SIM card that’s in their possession. SIM swapping is a major security threat as phone numbers often serve as the primary means for multi-factor authentication (MFA).
Exposed individuals should be wary of suspicious emails and calls, as well as vigilant about any unprompted activity on their accounts.
Interestingly, the malicious actors behind the alleged Orange Rwanda data leak, HawkSec, are the same group that claimed to have obtained 78 million files from the popular social media platform Discord.
The data that cybercriminals allegedly obtained is information that malicious actors could easily utilize for nefarious purposes, such as impersonation, account takeover, and doxxing.
However, as the attackers did not provide data samples for the alleged Discord data leak, our researchers are cautious about giving the hacker collective credit.
Meanwhile, Orange has suffered from hacker attention over the last several years. For example, last year the company detected a cyberattack on one of its information systems, but explained that no customer data was exfiltrated.
In August 2025, Orange Belgium announced it had discovered a cyberattack on one of its IT systems, resulting in unauthorized access to personal data from 850,000 customer accounts.
Earlier the same year, the Babuk ransomware gang announced it managed to syphon 1TB of data from the French telecoms behemoth.
Updated on January 22nd [09:55 a.m. GMT] with a clarification from Orange.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked