Orange SA: Ransomware Hack Hit Orange Telecom, Data Published on Dark Web

Orange Telecom Hit by Warlock Ransomware Attack, Customer Data Leaked on Dark Web

In late July 2025, French telecommunications giant Orange SA disclosed a ransomware attack on its internal systems to national authorities. The breach, attributed to the cybercriminal group Warlock, resulted in the theft of business customer data, approximately 4GB of which was published on the dark web in mid-August.

The attack targeted Orange’s infrastructure, though specific details about the compromised systems remain undisclosed. The incident highlights the ongoing threat posed by ransomware gangs to critical infrastructure providers. Orange, headquartered in Paris, has not publicly commented on the ransom demands or the full extent of the data exposed.

The breach underscores the persistent risks faced by major corporations, particularly in sectors handling sensitive customer information. Authorities are likely investigating the incident as part of broader efforts to combat cybercrime.

Source: https://www.bloomberg.com/news/articles/2025-08-22/ransomware-hack-hit-orange-telecom-data-published-on-dark-web

Orange cybersecurity rating report: https://www.rankiteo.com/company/orange

"id": "ORA1770316673",
"linkid": "orange",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Business customers',
                        'industry': 'Telecommunications',
                        'location': 'Paris, France',
                        'name': 'Orange SA',
                        'size': 'Large',
                        'type': 'Telecommunications'}],
 'data_breach': {'data_exfiltration': '4GB of data published on the dark web',
                 'type_of_data_compromised': 'Business customer data'},
 'date_detected': '2025-07',
 'date_publicly_disclosed': '2025-07',
 'description': 'In late July 2025, French telecommunications giant Orange SA '
                'disclosed a ransomware attack on its internal systems to '
                'national authorities. The breach, attributed to the '
                'cybercriminal group Warlock, resulted in the theft of '
                'business customer data, approximately 4GB of which was '
                'published on the dark web in mid-August. The attack targeted '
                'Orange’s infrastructure, though specific details about the '
                'compromised systems remain undisclosed. The incident '
                'highlights the ongoing threat posed by ransomware gangs to '
                'critical infrastructure providers.',
 'impact': {'brand_reputation_impact': 'Likely impacted',
            'data_compromised': 'Business customer data'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
 'investigation_status': 'Ongoing',
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Warlock'},
 'references': [{'source': 'Incident disclosure'}],
 'regulatory_compliance': {'regulatory_notifications': 'Disclosed to national '
                                                       'authorities'},
 'response': {'law_enforcement_notified': 'National authorities'},
 'threat_actor': 'Warlock',
 'title': 'Orange Telecom Hit by Warlock Ransomware Attack, Customer Data '
          'Leaked on Dark Web',
 'type': 'Ransomware'}