
Orange Group confirms breach after hacker leaks company data

A hacker claims to have stolen thousands of internal documents containing user records and employee data after breaching the systems of Orange Group, a leading French telecommunications operator and digital service provider.

The threat actor published details of the stolen data on a hacker forum after trying to extort the company.

Orange confirmed the breach to BleepingComputer, saying that it occurred in a non-critical application. The company has started an investigation and is working to minimize the impact of the incident.

According to the threat actor, who uses the alias Rey and is a member of the Hellcat ransomware group, the stolen data comes mainly from the company's Romanian branch and contains 380,000 unique email addresses, source code, invoices, contracts, and customer and employee information.

Orange data leak published on a hacker forum

Rey told BleepingComputer that the breach was not a Hellcat ransomware operation and that they had access to Orange's systems for over a month.

On Sunday morning they began exfiltrating company data, and the activity lasted about three hours without the company detecting it.

Some samples shared with BleepingComputer show email addresses of former and current Orange Romania employees, partners, and contractors, as well as payment card details of Romanian customers.

Some of the data we checked was quite old. For example, some of the email addresses belonged to people who had worked at or with Orange Romania more than five years ago.

In the sample with partial payment card information, we found many cases in which the card data had expired. The leak also contains email addresses and names of customers of Yoxo, Orange's subscription service with no contract period.

Rey says that they stole almost 12,000 files totaling 6.5 GB after compromising Orange's systems through compromised credentials and vulnerabilities in the company's Jira software (used for bug/issue tracking) and internal portals.

Number of files and total size of the data stolen from the Orange telecommunications operator
Source: Rey

The threat actor told us that they had dropped a ransom note on the compromised system, but Orange had not initiated any negotiations.

BleepingComputer reached out to Orange Group with a request for comment, and the company said it was examining the matter. While Orange Romania did not respond with an official statement, an Orange spokesperson informed us that they were discussing the incident and the mitigation steps internally.

“Orange can confirm that our operations in Romania were the target of a cyber attack,” a representative of the company told BleepingComputer.

“We have taken immediate measures and our top priority is protecting the data and interests of our employees, customers and partners.” – Orange

The company's representative said that their “cybersecurity and IT teams are working hard to assess the extent of the breach and to minimize the impact of this incident”.

“We strive to provide regular updates. In addition, we strive to meet all legal obligations associated with such incidents, and we are cooperating with the responsible authorities to resolve this matter,” the rest of the statement reads.

Rey told us that they breached Orange independently but are part of the Hellcat ransomware group, which has claimed attacks on Schneider Electric and the Spanish telecommunications company Telefónica.

In both breaches, the hackers targeted Jira servers and scraped or stole 40 GB of data and 2.5 GB of documents, respectively.