Orange confirms it suffered breach after hacker leaks company documents

(Image credit: Shutterstock) (Image credit: Shutterstock)

A hacker named Rey exfiltrated tens of thousands of records from Orange Romania
They demanded payment, but Orange refused
The company is now investigating claims of data theft

Orange Group has confirmed suffering a cyberattack recently, but has said it is still looking into claims of valuable data was stolen.

A member of the HellCat ransomware organization, alias Rey, held access to a “non-critical application”, belonging to Orange Romania, the company’s local branch. They obtained the access by exploiting compromised credentials and flaws in Jira.

The hacker recently started exfiltrating data from the app, and later told BleepingComputer they pulled 380,000 unique email addresses, source code, invoices, contracts, and customer and employee information. In total, they grabbed some 12,000 files, weighing roughly 6.5GB, and while this wasn’t a ransomware operation, the hacker did leave a ransom note and did try to extort the company for money. Orange, however, did not initiate any negotiations, prompting the attacker to release the data on the dark web.

Confirming the attack

Soon after, Orange confirmed it did suffer a cyberattack and that it was looking into the matter.

"Orange can confirm that our operations in Romania have been the target of a cyberattack," a company representative said. "We took immediate action, and our top priority remains protecting the data and interests of our employees, customers and partners. There has been no impact on customers’ operations, and the breach was found to occur on a non-critical back office application.”

The publication also analyzed a data sample and said that, while verified, it was “quite old”.

Some email addresses were used by individuals that worked, or collaborated with, Orange Romania, more than half a decade ago. Other names and email addresses belonged to Yoxo customers, Orange’s subscription service with no contract period, meaning it is difficult to determine if the data is still valid, or not.

Some of the partial payment card information found had expired long ago, BleepingComputer added.

Telefónica says it was hit by systems breach, internal data leaked online
We've rounded up the best password managers
Take a look at our guide to the best authenticator app

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.