Orange Belgium has confirmed a major data breach affecting 850,000 customers, with hackers gaining unauthorized access to personal details in a cyberattack. The telecom giant stated that while no passwords, email addresses, or financial data were compromised, the breach exposed names, phone numbers, SIM card numbers, Personal Unblocking Key (PUK) codes, and tariff plans.
The intrusion was detected at the end of July, and the company took immediate action to block access to the affected IT system and tighten security. Authorities have been notified, and Orange Belgium has filed a formal complaint with the judiciary.
Orange Belgium is currently notifying all affected customers via email and SMS, urging them to remain vigilant. The exposed information, while not classified as “critical” by the company, could still be used for targeted phishing scams or social engineering attempts. The combination of names, phone numbers, and SIM card details provides a potent toolkit for fraudsters to impersonate Orange or other entities.
SIM swapping allows a criminal to transfer a victim’s phone number to a new SIM card under their control, enabling them to intercept messages and two-factor authentication codes. This could lead to a takeover of accounts and potential financial loss.
This incident marks the third cyber event involving Orange this year. The company’s parent, Orange Group, reported a separate cyberattack on its French operations in July, though it claimed no customer data was exposed. In February, Orange’s Romanian branch also confirmed a data breach. The frequency of these attacks is raising industry-wide concerns about a possible coordinated campaign targeting European telecom providers.
The telecom provider is advising its customers to be cautious of any suspicious communication and to never share sensitive information. While Orange has implemented new security measures, experts are criticizing the company for downplaying the severity of the breach and not providing clear guidance on changing PUK and SIM numbers.
