Español
Bouygues Telecom, France’s third-largest mobile network operator, has disclosed a significant cybersecurity incident that compromised the personal data of over 6 million customers.
In an official statement, the telecom provider confirmed that a cyberattack on August 4 resulted in unauthorized access to 6.4 million customer accounts. While the company acknowledged detecting the breach, it did not specify how long the threat actors maintained access or when containment efforts were completed.
According to a dedicated support page for affected individuals, the attackers gained access to a wide range of sensitive information, including:
- Contact details
- Contract-related data
- Civil status (or company data for business accounts)
- IBANs (International Bank Account Numbers)
Bouygues, which serves nearly 27 million mobile customers, emphasized that the incident has been reported to CNIL, France’s data protection authority.
Notably, the webpage containing details about the breach was configured with a “noindex” directive—a hidden tag in the HTML code that prevents search engines from listing the page in search results. This limits public visibility of the disclosure and could hinder customers looking for information about the incident.
At the time of writing, Bouygues had not responded to media inquiries seeking clarification about the breach, including the rationale behind suppressing the visibility of its incident report.
This breach follows closely on the heels of another high-profile cyberattack involving Orange, the largest telecom provider in France and one of the world’s biggest operators. On July 29, Orange warned customers of potential service disruptions as it worked to isolate systems that may have been affected.
Why This Matters
With critical industries like telecommunications increasingly targeted by cyberattacks, this incident at Bouygues Telecom highlights the growing threat landscape and the importance of proactive security measures. For organizations handling high volumes of customer data, investing in robust threat detection, compliance strategies, and incident transparency is no longer optional—it’s essential.
