Orange SA

A criminal hacking gang, identified as Warlock, executed a ransomware attack on **Orange SA**, a major French telecommunications company, in late July 2025. The attackers breached internal systems, exfiltrating approximately **4 GB of business customer data**, which was later published on the dark web in mid-August. While Orange claimed the stolen data was **outdated or of low sensitivity**, the incident follows prior breaches in 2025, including a July attack on **850,000 customer accounts** in its Belgian division and a separate leak of **employee data in Romania**.

The Warlock group, known for leasing ransomware to affiliate hackers, encrypted Orange’s systems and demanded payment for decryption. Orange collaborated with affected companies and authorities, notifying impacted parties before the data’s public release. Telecommunications firms remain high-value targets due to their repositories of **financial, governmental, and corporate communication data**, amplifying risks of reputational damage, regulatory scrutiny, and operational disruption.

Source: https://www.insurancejournal.com/news/international/2025/08/25/836826.htm

TPRM report: https://www.rankiteo.com/company/orange

"id": "ora751082525",
"linkid": "orange",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'telecommunications',
                        'location': 'France (HQ: Paris)',
                        'name': 'Orange SA',
                        'size': 'large enterprise',
                        'type': 'telecommunications'},
                       {'customers_affected': '850,000 (separate incident in '
                                              'July 2025)',
                        'industry': 'telecommunications',
                        'location': 'Belgium',
                        'name': 'Orange Belgium',
                        'type': 'subsidiary'},
                       {'industry': 'telecommunications',
                        'location': 'Romania',
                        'name': 'Orange Romania',
                        'type': 'subsidiary'}],
 'attack_vector': ['ransomware (Warlock)', 'system compromise'],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'sensitivity_of_data': 'low',
                 'type_of_data_compromised': ['business customer data',
                                              'outdated data',
                                              'low-sensitivity data']},
 'date_detected': '2025-07-01T00:00:00Z',
 'date_publicly_disclosed': '2025-07-31T00:00:00Z',
 'description': 'A criminal hacking gang (Warlock) stole business customer '
                'data from French telecommunications company Orange SA and '
                'published ~4GB of data on the dark web in mid-August 2025. '
                'The breach was disclosed to authorities in late July 2025. '
                'Orange confirmed the data was outdated or low-sensitivity and '
                'had informed affected companies in advance. This follows '
                'separate incidents in July (Belgian customer data breach) and '
                'another involving employee data in Romania published on the '
                'dark web.',
 'impact': {'brand_reputation_impact': 'moderate (public disclosure of breach)',
            'data_compromised': ['business customer data',
                                 'outdated/low-sensitivity data'],
            'identity_theft_risk': 'low (data described as '
                                   'outdated/low-sensitivity)',
            'operational_impact': 'limited',
            'systems_affected': ['internal systems']},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['business customer data']},
 'investigation_status': 'ongoing (as of August 2025)',
 'motivation': ['financial gain', 'data theft'],
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': 'Warlock'},
 'references': [{'date_accessed': '2025-01-01', 'source': 'Bloomberg'},
                {'date_accessed': '2025-08-15',
                 'source': 'Orange SA spokesperson statement'}],
 'regulatory_compliance': {'regulatory_notifications': ['French national '
                                                        'authorities '
                                                        '(disclosed late July '
                                                        '2025)']},
 'response': {'communication_strategy': ['advance notification to affected '
                                         'companies',
                                         'public disclosure'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['collaboration with affected companies',
                                       'coordination with authorities']},
 'stakeholder_advisories': ['affected companies notified in advance'],
 'threat_actor': 'Warlock (ransomware-as-a-service group)',
 'title': 'Ransomware Hack Hits Orange Telecom, Data Published on Dark Web',
 'type': ['ransomware', 'data breach', 'data exfiltration']}