France's second largest ISP - Free reports data breach exposing 19 million
Learn More
Free, France’s second-largest Internet Service Provider (ISP), confirmed a significant data breach that compromised sensitive customer information.
The breach was made public after customer data appeared for sale on BreachForums, an underground data marketplace.
The breach was first discovered when a threat actor, operating under the alias “drussellx”, began auctioning off customer data on BreachForums. According to the hacker’s claims, the breach impacted 19.2 million customers, affecting both Free Mobile and Freebox users. The leaked information reportedly includes 5.11 million International Bank Account Numbers (IBANs), primarily from Freebox subscribers.
The exposed data includes
- personal information
- bank account details
The nature of the attack is not disclosed.
Free launched an investigation and notified relevant French authorities. The company claims that no customer passwords, credit card details, or communication content—such as emails, SMS, and voice messages—were compromised.
Affected customers have been or will be informed via email about the breach, its impact, and recommended steps to protect themselves from further harm.
Free's spokesperson assured customers that there has been no operational impact on its services or activities, emphasizing that "all necessary measures were taken immediately to end the attack and strengthen system protections." The ISP continues to work with cybersecurity experts to investigate the breach and prevent similar incidents in the future.
The stolen data is being actively auctioned, with the threat actor offering database samples and allowing potential buyers to verify its authenticity.
