Paris – Orange SA, one of the world’s largest telecom companies, has confirmed a cyberattack that resulted in the theft and leak of approximately 4GB of sensitive business user data, published on the dark web in early August. The company first detected the breach in late July and notified national authorities.
The attack has been attributed to Warlock, a ransomware group that leases its malware to criminal affiliates. The malicious software encrypts victims’ systems and demands ransom payments in exchange for restoring access. In this case, the hackers exfiltrated data before releasing it publicly.
An Orange spokesperson confirmed the breach but downplayed its severity, noting that the threat actor had only “limited access” and was able to extract “outdated or low-sensitivity data.” The company said affected businesses were warned in advance and that Orange has been working closely with them and regulators since the incident.
This marks at least the third security incident for Orange in 2025. In July, its Belgian division suffered a breach exposing customer data, while another attack led to employee data from its Romanian unit appearing on the dark web.
The string of incidents underscores the mounting cybersecurity challenges facing telecom operators, which manage vast volumes of personal and business data critical to global communications.
