Hackers steal 1.3 million Orange customers' personal data

Magnifying over data Image copyright Reuters
Image caption Affected Orange France customers are at risk of Phishing scams

Hackers have stolen the personal data of 1.3 million customers from the French branch of mobile network operator and internet service provider Orange.

The hackers have access to names, email addresses and phone numbers.

Orange France has been aware of the hack since 18 April but delayed announcements to asses the damage.

Earlier this year, Orange saw the personal data of 800,000 of its clients stolen in a similar attack.

"For the people concerned, the data recovered includes their first names and surnames," an Orange representative said.

"In addition, depending on the information supplied, email addresses, mobile and fixed-line phone numbers, the identity of the person's internet operator and their date of birth, were also recovered."

Orange was not able to say whether the stolen data was encrypted, although the company has warned customers that the theft could be used to contact those concerned by email, SMS or phone, particularly for phishing purposes.

Customers have expressed their anger at the situation on the company's Facebook page and across Twitter.

An Orange representative said: "All necessary actions have been implemented to correct the relevant technical dysfunctions and to prevent any new illegitimate access to this data."

Phishing for data

Phishing is a process of acquiring sensitive information, such as passwords or bank details, by indirect means, often using social engineering techniques to deceive users.

A typical phishing email will provide a link to a cloned version of a legitimate website, which hackers can then use to harvest login details from unsuspecting individuals.

Some Orange France customers are now at more risk from these attacks than others - if you think you may be at affected, guidance from Get Safe Online suggests users should check that websites are secure before entering any private information.

Basic measures such as ensuring the padlock symbol in the address bar is visible when entering an alleged secure website could save many individuals from becoming victims of a phishing scam.

A similar instance of data theft within the telecommunications industry occurred in September 2013, which saw Vodafone Germany fall victim to a hacker who claimed to have stolen the personal data of two million customers.

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites