French Telecom Giants Fined €42 Million Over 2024 Data Breach
On January 14, 2026, France’s data protection authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), imposed a combined €42 million fine on telecom operators Free Mobile (€27 million) and Free (€15 million), both subsidiaries of Iliad. The penalties stem from a cyberattack in October 2024, during which an unauthorized actor breached the companies’ systems and accessed personal data tied to 24 million subscriber contracts.
CNIL determined that the operators had failed to implement adequate security measures, leaving customer information vulnerable. The breach exposed sensitive details, though the exact scope of compromised data remains undisclosed in the official statement. The fines reflect the severity of the lapse under GDPR regulations, underscoring regulatory scrutiny on telecom providers handling vast amounts of personal data.
The incident highlights ongoing risks in the sector, where high-profile breaches continue to draw enforcement actions from European authorities.
Freedom Financial Network cybersecurity rating report: https://www.rankiteo.com/company/freedom-financial
Freedom Financial Network cybersecurity rating report: https://www.rankiteo.com/company/freedom-financial
"id": "FREFRE1768723555",
"linkid": "freedom-financial, freedom-financial",
"type": "Breach",
"date": "10/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '24000000',
'industry': 'Telecommunications',
'location': 'France',
'name': 'Free Mobile',
'type': 'Telecom Operator'},
{'customers_affected': '24000000',
'industry': 'Telecommunications',
'location': 'France',
'name': 'Free',
'type': 'Telecom Operator'}],
'data_breach': {'number_of_records_exposed': '24000000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal data'},
'date_detected': '2024-10-01',
'date_publicly_disclosed': '2026-01-14',
'description': 'France’s data protection authority, the Commission Nationale '
"de l'Informatique et des Libertés (CNIL), imposed a combined "
'€42 million fine on telecom operators Free Mobile (€27 '
'million) and Free (€15 million), both subsidiaries of Iliad, '
'due to a cyberattack in October 2024 that exposed personal '
'data tied to 24 million subscriber contracts. CNIL determined '
'that the operators failed to implement adequate security '
'measures, violating GDPR regulations.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Personal data of 24 million subscriber '
'contracts',
'financial_loss': '42000000',
'identity_theft_risk': 'High',
'legal_liabilities': 'GDPR fines imposed'},
'investigation_status': 'Completed',
'post_incident_analysis': {'root_causes': 'Inadequate security measures'},
'references': [{'source': "Commission Nationale de l'Informatique et des "
'Libertés (CNIL)'}],
'regulatory_compliance': {'fines_imposed': '42000000',
'regulations_violated': ['GDPR'],
'regulatory_notifications': 'Yes'},
'title': 'French Telecom Giants Fined €42 Million Over 2024 Data Breach',
'type': 'Data Breach'}