Orange, one of the world’s largest telecommunications providers, has disclosed a cyberattack on its network that led to operational disruptions for some customers in France. The breach was detected on Friday, July 25, and swiftly contained by Orange Cyberdefense—the cybersecurity arm of the company.
“On Friday, July 25, the Orange Group detected a cyberattack on one of its information systems. Immediately alerted, with the support of Orange Cyberdefense, the teams mobilized fully to isolate the potentially affected services and limit the impact,” the company stated.
The affected system was promptly isolated from the rest of the network to prevent further intrusion. While the company worked to mitigate the threat, this containment caused disruptions to various services and management platforms. The impact was largely limited to French business customers and a few consumer-facing services. Orange stated that full service restoration was expected by the morning of Wednesday, July 30.
“These isolation operations resulted in the disruption of certain services and management platforms for some of our business customers and for a few consumer services, mainly in France,” Orange noted.
So far, there is no indication that any customer or internal data was stolen. Investigations are ongoing, and Orange says it has notified authorities and lodged a formal complaint.
“At this stage of the investigation, there is no evidence to suggest that any customer or Orange data has been extracted. We remain vigilant in this regard,” the company confirmed.
Although Orange has not attributed the attack to any specific threat actor, the incident shares traits with a broader wave of breaches that have targeted telecommunications providers globally. These include attacks attributed to China’s state-sponsored threat group known as Salt Typhoon.
Salt Typhoon has been linked to a campaign that compromised major U.S. telecom firms such as AT&T, Verizon, Lumen, Charter Communications, and Windstream, according to disclosures from the FBI and CISA. The group has also targeted global operators. Recently, Comcast, Digital Realty, and Viasat were among the companies suspected of being compromised as part of the same campaign.
This is not Orange’s first brush with a cybersecurity incident in 2024. In February, its Romanian subsidiary suffered a breach of a non-critical application. The threat actor, operating under the alias “Rey,” claimed to have accessed internal documents including employee data, user records, source code, contracts, invoices, and nearly 380,000 email addresses.
Orange serves a customer base of 294 million across Europe, Africa, and the Middle East. This includes 256 million mobile subscribers and 22 million fixed broadband users. Under its Orange Business brand, it also delivers IT and telecom services to multinational enterprises. With over 125,000 employees globally, the company reported revenues of €40.3 billion in 2024.
