Free was “the victim of a cyberattack targeting a management tool”, resulting in “unauthorized access to part of the personal data associated with the accounts of certain subscribers”, confirmed this Saturday, October 26, the second telephone operator in France to AFP.
“No password”, “no bank card”, “no content of communications (emails, SMS, voice messages, etc.)” are affected by this attack, of which neither the date nor the extent have been specified, a added the company. “No operational impact has been noted on (its) activities and (its) services.”
“A criminal complaint has been filed with the Public Prosecutor,” Free said. The National Commission for Information Technology and Liberties (Cnil) and the National Information Systems Security Agency (Anssi) have been notified, as provided for by law.
“Subscribers informed by email shortly”
“The subscribers concerned have been or will be informed by email shortly,” said the mobile operator founded by Xavier Niel, who ensures that “all necessary measures were taken immediately to put an end to this attack and strengthen the protection of our information systems.
On October 22, the “ethical Rennes hacker”, SaxX, published on the subject on the social network .
The Internet user assured that a first file of more than 43 gigabytes concerned nearly 19 million customer accounts. It included their first and last names, telephone numbers, dates of birth and email addresses. Even more problematic: the hacker claimed that a second database would contain banking data (IBAN) of 5.1 million subscribers. In both cases, these would be Free Mobile and Freebox accounts.
On September 19, another operator, SFR, was the subject of a leak of customer data, including bank details, following what it described as a “security incident involving a management tool orders from its customers. The group did not specify the total number of customers affected by this leak, but confirmed that it had affected traditional subscribers as well as subscribers to its “Red by SFR” offer.