France’s second-largest internet service provider (ISP), Free, has confirmed a significant data breach affecting some of its 22.9 million subscribers. The Free cyberattack, revealed after the attempted sale of allegedly stolen customer data on a cybercrime forum, targeted a management tool within Free’s system. This allowed unauthorized access to certain personal information.
The Scope of the Free Cyberattack
While Free has not disclosed the precise date or the exact number of affected accounts, the company has emphasized that no sensitive financial data was compromised. This includes bank details, passwords, and the content of communications. The company stated to Agence France-Presse (AFP) that the impact was limited to a management tool.
“There was no operational impact on its services,” Free confirmed.
Immediate Response and Legal Compliance
In response to the Free cyberattack, Free immediately filed a criminal complaint with the public prosecutor. This action is in line with French law, which mandates notification of data breaches to relevant authorities. The company also reported the incident to the French National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI).
This proactive approach demonstrates Free’s commitment to transparency and legal compliance. The company also implemented various cybersecurity measures to prevent further unauthorized access and strengthen its system defenses. Affected subscribers are being or will be notified via email.
Free’s statement highlighted that it “took all necessary steps immediately to end this attack and strengthen the protection of our information systems.”
Comparison with Recent French Telecom Incidents
Free data breach follows a similar incident involving SFR, another major French telecom provider, just over a month prior. SFR’s security breach exposed customer banking details and other personal data, allegedly through an attack on its customer order management system. These back-to-back incidents underscore the growing concern about cybersecurity vulnerabilities within the French telecom sector, particularly within customer management systems.
The Role of French Cybersecurity Authorities
The involvement of CNIL and ANSSI is crucial in this Free cyberattack investigation. CNIL enforces data protection laws, ensuring responsible handling of personal information, while ANSSI provides strategic guidance and response coordination during significant cyber incidents. Their involvement reflects France’s robust cybersecurity framework and commitment to addressing data breaches effectively.
Impact on Free Subscribers and the Broader Cybersecurity Landscape
For Free subscribers, the cyberattack is understandably concerning. However, Free’s assurance that no sensitive financial data was accessed should alleviate fears of immediate financial fraud. Nevertheless, the incident highlights the risks associated with compromised management systems, even if the immediate impact appears limited. Subscribers are advised to remain vigilant against suspicious activity and follow any recommendations provided in the notification email.
The series of attacks on major French telecom companies points to a worrying trend. The increasing targeting of customer management systems and critical infrastructure within telecoms puts immense pressure on French ISPs and providers to invest in robust cybersecurity measures. The situation has prompted calls for stricter industry-wide standards and continuous upgrades to defenses against sophisticated cyber threats. The Free cyberattack serves as a stark reminder of the importance of vigilance for both companies and subscribers alike.
