Orange confirms it suffered breach after hacker leaks company documents
Company confirms the hack, but says it's investigating data theft claims

- A hacker named Rey exfiltrated tens of thousands of records from Orange Romania
- They demanded payment, but Orange refused
- The company is now investigating claims of data theft
Orange Group has confirmed that it recently suffered a cyberattack, but said it is still looking into claims that valuable data was stolen.
A member of the HellCat ransomware organization, alias Rey, held access to a “non-critical application”, belonging to Orange Romania, the company’s local branch. They obtained the access by exploiting compromised credentials and flaws in Jira.
The hacker recently started exfiltrating data from the app, and later told BleepingComputer they pulled 380,000 unique email addresses, source code, invoices, contracts, and customer and employee information. In total, they grabbed some 12,000 files, weighing roughly 6.5GB, and while this wasn’t a ransomware operation, the hacker did leave a ransom note and did try to extort the company for money. Orange, however, did not initiate any negotiations, prompting the attacker to release the data on the dark web.
Confirming the attack
Soon after, Orange confirmed it did suffer a cyberattack and that it was looking into the matter.
"Orange can confirm that our operations in Romania have been the target of a cyberattack," a company representative said. "We took immediate action, and our top priority remains protecting the data and interests of our employees, customers and partners. There has been no impact on customers’ operations, and the breach was found to occur on a non-critical back office application."
The publication also analyzed a data sample and said that, while verified, it was “quite old”.
Some email addresses were used by individuals who worked for, or collaborated with, Orange Romania more than half a decade ago. Other names and email addresses belonged to customers of Yoxo, Orange’s subscription service with no contract period, meaning it is difficult to determine whether the data is still valid.
Some of the partial payment card information found had expired long ago, BleepingComputer added.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.