What happened in the alleged Orange telecommunications breach?

Babuk ransomware has claimed a breach of Orange, the French multinational telecommunications company. The group posted claims on the dark web about a cyberattack that allegedly occurred on Sunday, March 16th. They claim to have stolen 4.5 terabytes of 'very detailed' information from Orange's systems, specifically targeting 'all information related to orange.com and orange.ro from Romania.'

Has Babuk provided evidence of the Orange breach?

To demonstrate the validity of their claims, the group has uploaded a 6.44GB sample of the allegedly stolen data. They are threatening to publish 1TB of the stolen data if Orange does not engage in negotiations, warning that 'there is still a lot more that we stole, the sample is not much.'

What type of data was allegedly stolen in the Orange breach?

According to the hackers' claims, the stolen information includes email addresses, customer records, source code, internal documents, invoices, contracts, projects, tickets, user data, employee data, messages, credit cards, call logs, and other personally identifiable information (PII).

What did researchers find in the sample data provided by Babuk?

Cybernews researchers who reviewed the provided 6.44GB sample believe the claims might be credible. The sample contains Orange internal documents including employee data (names, usernames, email addresses, time zones), lists of various Jira projects related to the Orange.ro domain, a folder called 'issues' containing 235 files detailing tasks, a file named 'pii_extracted' with email addresses and phone numbers, and a folder called 'Files' containing approximately 8,600 internal documents with filenames suggesting sensitive information.

What is Babuk ransomware?

Babuk is a ransomware group that operates with a double extortion model – first stealing data before encrypting systems, then threatening to publish the stolen information if victims don't pay a ransom. They typically target large organizations and have been active in high-profile attacks against various companies and institutions.

Incident

Babuk ransomware gang clams breach of French telecom provider Orange

published: March 19, 2025

Learn More

Babuk ransomware has claimed a breach of Orange, the French multinational telecommunications company.

Babuk posted claims on the dark web about a cyberattack against Orange that allegedly occurred on Sunday, March 16th. The cybercriminals claim to have stolen 4.5 terabytes of "very detailed" information from Orange's systems, specifically targeting "all information related to orange.com and orange.ro from Romania." To demonstrate the validity of their claims, the group has uploaded a 6.44GB sample of the allegedly stolen data.

The ransomware group is threatening to publish 1TB of the stolen data if Orange does not engage in negotiations, warning that "there is still a lot more that we stole, the sample is not much."

According to the hackers' claims, the stolen information includes:

Email addresses
Customer records
Source code
Internal documents
Invoices
Contracts
Projects
Tickets
User data
Employee data
Messages
Credit cards
Call logs
Other personally identifiable information (PII)

Cybernews researchers who reviewed the provided 6.44GB sample believe the claims might be credible. The sample contains Orange internal documents including:

Employee data (names, usernames, email addresses, time zones)
Lists of various Jira projects related to the Orange.ro domain
A folder called "issues" containing 235 files detailing tasks related to system configuration, monitoring setup, user management, and feature development
A file named "pii_extracted" with email addresses from orange.com, tremend.com/ro, and publicissapient.com domains, along with phone numbers
A folder called "Files" containing approximately 8,600 internal documents with filenames suggesting sensitive information such as customer conversations, financial data (balances, invoices, conversion rates), and other employee and client information

It's not clear whether this claimed breach is just another repost of the already confirmed breach of Orange Romania, or is a much bigger attack.

The exact number of affected individuals and the financial impact of this alleged breach have not been disclosed.

Babuk ransomware gang clams breach of French telecom provider Orange

Read More
Ransomware gang Hunters International claims breach of German …
HCRG Care Group investigates ransomware attack after gang …
Everest ransomware gang claims breach of BMW
Embargo ransomware gang claims breach of American Associated …
Hong Kong consumer watchdog suspects data leak after …