Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

France’s second-largest telecoms provider Free suffered a cyber attack

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. that provides voice, video, data, and Internet telecommunications to consumers in France. The company is the second-largest ISP in France with over 22.9 million mobile and fixed subscribers. Free disclosed a cyber attack over the […]

breachforums Free data breach

Source X

French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information.

Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. that provides voice, video, data, and Internet telecommunications to consumers in France. The company is the second-largest ISP in France with over 22.9 million mobile and fixed subscribers.

Free disclosed a cyber attack over the weekend after a threat actor attempted to sell the stolen data on a popular cybercrime forum. The threat actors had access to the internal management tool and gained access to some subscribers’ personal data.

“Free was “the victim of a cyberattack targeting a management tool” leading to “unauthorized access to some of the personal data associated with the accounts of certain subscribers ,” the second largest telephone operator in France confirmed to Agence France-Presse (AFP) on Saturday, October 26.

“No passwords” , “no bank cards” , “no content of communications (emails, SMS, voice messages, etc.)” are affected by this attack, the date and extent of which have not been specified, the company added. “No operational impact has been observed on (its) activities and (its) services. “”

The telecommunications firm has filed a criminal complaint and informed France’s agencies National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI).

The company said that passwords and bank card details were not compromised, it also pointed out that its customers’ communications were not exposed.

The seller listed two databases for sale one containing 19,192,948 customer accounts and another including 5.11 million IBAN details.

The seller also published a sample of the stolen data and some screenshots.

Exposed customers’ data includes First and last names, Phone numbers, Full postal addresses, Dates of birth, Emails, and more.

“This suspected data breach reportedly affects Free Mobile and Freebox customers, with the data leak dating back to October 17, 2024, according to the cybercriminals.” wrote the cyber evangelist SaxX. “Additionally, the cybercriminal’s profile was created just yesterday. Recently, many cybercriminals have been creating profiles shortly before sharing information about hacks, attacks, or data leaks in France.”

“Thus, this information should be taken cautiously until confirmed. There has been a rise in the use of AI-generated data leaks, a trend I mentioned weeks ago.”

Free data breach
Source X account SaxX

The company has promptly taken measures to mitigate the security breach.

“All necessary measures have been taken immediately to put an end to this attack and strengthen the protection of our information systems,” stated Free.

Recently, Telecom operator SFR disclosed a data breach exposing customer information, including IBANs.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)