Bouygues Telecom has confirmed a cyberattack that exposed personal data for 6.4 million customers. The company says the incident occurred on Sunday, August 4, 2025, and affected a large subset of its user base. Authorities and regulators have been notified and an internal investigation is ongoing.
Bouygues Telecom reported the attack in a public FAQ and press statement following internal discovery on August 4. The company said internal teams resolved the intrusion quickly and implemented additional security measures. Bouygues informed the French National Cybersecurity Agency (ANSSI) and the data protection authority CNIL.
A company statement described the incident as the work of a “known cybercriminal group” that targeted “specific internal resources.” The company said it blocked the attacker’s access and increased monitoring of its systems.
What data was exposed in the Bouygues Telecom data breach
Bouygues Telecom says the breach exposed customer account data but did not include payment card numbers or account passwords. The company listed the types of information involved:
- Contact details
- Contract information
- Civil status data
- Company details for business customers
- International Bank Account Numbers (IBANs)
The presence of IBANs raises potential fraud and phishing risks even though Bouygues says card numbers and passwords were not taken.
Company response and official statements
Bouygues Telecom framed the incident in measured terms. In translated remarks, the operator wrote:
“Bouygues Telecom was the victim of a cyberattack that allowed unauthorized access to certain personal data from 6.4 million customer account.”
The company added: “The situation was resolved as quickly as possible by Bouygues Telecom’s technical teams, and all necessary additional measures have been implemented.”
Customers are being informed directly by SMS and email, the firm said. Bouygues also warned that the perpetrator could face criminal penalties under French law and that investigations remain active.
Bouygues Telecom has alerted customers to elevated phishing and fraud risk following the breach. The company is advising customers not to disclose login credentials or sensitive details to callers who claim to represent Bouygues, and to check bank statements and report suspicious activity to their banks.
The firm stressed there was no observed impact on customer services or network operations at the time of its statement. Investigations to confirm whether additional data was stolen remain underway.
Broader context: telecom sector under pressure
The Bouygues Telecom data breach follows similar incidents affecting European telecom providers. Orange disclosed a network breach on July 25, 2025, and observers note parallels with attacks on other carriers. Those incidents reflect ongoing threats to the sector from organized cybercriminal groups and nation-state actors.
Bouygues Telecom says it has notified regulators, blocked the attacker’s access, and is continuing its investigation. The company will update customers and authorities as new findings emerge.
