This Sunday, a person posted a file online containing the personal data of hundreds of the company’s customers.
A leak of particularly sensitive information. On September 4, a person published on a forum the personal data of customers of Orange Cyberdefense, a subsidiary of Orange specializing in the provision of cybersecurity services. Claiming that this file matters “1,584 customer data” of the company, it is really the number of lines included in the document, explains The world. The exact number of victims affected is thus still unknown, but Orange Cyberdefense speaks of “hundreds of customers”.
Among the personal information identified in the leak are the name, first name, telephone number and email address of the IT manager of the affected companies, including town halls, hospitals and the media. The latter are customers of Micro-SOC, the Orange Cyberdefense solution designed to detect and prevent attacks on the workstations and servers of organizations and companies.
Data that can be exploited by cybercriminals
Having confirmed the publication of the file on a specialized forum, the Orange subsidiary indicated that investigations are in progress and that measures have been taken to warn the customers concerned as well as the competent authorities.
Personal information concerning IT managers or people in charge of the cybersecurity of organizations, they could be used by cybercriminals posing as them in order to target the French companies affected by the leak. They could, for example, use it for phishing campaigns, a technique consisting of sending an email or an SMS to a victim by usurping an identity, in particular with the aim of encouraging him to communicate personal information. With Orange Cyberdefense customers, it could, for example, allow cybercriminals to steal identifiers and gain access to the computer system of victims. According a report by Cybermalveillance.gouv.frthis technique was the main cyber attack encountered by individuals and professionals last year.
This risk is in addition to the numerous cyberattacks affecting organizations in France, in particular hospitals. Targeted by an attack with a ransom demand more than two weeks ago, the South Ile-de-France Hospital Center of Corbeil-Essonnes is still idling, with its emergency department operating at 50% capacity.