Orange Data Breach: Over 600K Customer Records Exposed
In February 2025, telecom giant Orange fell victim to a major data breach after refusing to comply with a ransom demand from a threat actor known as HELLCAT (The Member identified as Rey). The exposed data, primarily from Orange Romania, also includes sensitive files from multiple global divisions.
What was leaked?
➡️ 600K+ customer records (380K unique emails)
➡️ Source codes & internal documents
➡️ Invoices, contracts & project files
➡️ User data & employee information
➡️ Messages, credit card data, call logs & PII
The stolen data was later shared with a security researcher, and Orange officially confirmed the breach on February 24. A day later, the full dataset surfaced on BreachForums, a well-known hacking forum.
💬 Orange’s Response:
The company stated that the breach impacted a « non-critical application », and they have launched an investigation to assess the damage and mitigate risks.
⚠ The Takeaway:
This incident highlights the growing risk of cyber extortion and the importance of robust security measures. Organizations must:
✅ Implement proactive threat detection
✅ Enforce strict access controls
✅ Strengthen incident response & data protection policies
As cyber threats evolve, staying ahead of attackers is not an option it’s a necessity.