Orange Group Cyberattack Disrupts Telecom Services

On 25 July 2025, Orange Group, one of Europe’s leading telecommunications providers, detected unauthorised access to one of its information systems. It acted swiftly in collaboration with Orange Cyberdefense to isolate affected systems and prevent the spread of the attack.

Isolation measures, implemented within hours, disrupted a limited number of business-facing management services and a small subset of consumer platforms, primarily in France.

Orange lodged a formal complaint on 28 July and has notified the relevant French authorities. Investigations are ongoing and Orange continues to work in full cooperation with national cybersecurity and law enforcement bodies.

No evidence of data exfiltration

At this stage of the investigation, Orange has reported no evidence suggesting that either customer or internal corporate data was stolen or exfiltrated.

Still, the group remains on high alert and is applying enhanced monitoring protocols to ensure system integrity.

“We continue to maintain the highest level of vigilance on this matter,” Orange said, reiterating its focus on data protection and customer trust.

Despite the lack of data loss, the temporary impact on some business services illustrates the broader risks facing telecom operators globally. Cybersecurity teams have since begun the gradual restoration of affected systems, prioritising operational continuity for enterprise clients.

Industry-wide pressure: a pattern of increasing threats

The incident is the second cyber event targeting Orange in 2025. In February, it confirmed a breach related to a non-critical back-office application.

Threat actors, including individuals claiming to represent the Babuk ransomware group, asserted they had accessed over 6.5GB of data, including sensitive files tied to Orange Romania.

The February breach, while limited in scope, aligns with a pattern of increasingly sophisticated cyber threats targeting the global telecom sector.

Telecom sector in the crosshairs

Orange’s experience is not isolated, as other major telecom providers have faced equally severe attacks.

• SK Telecom suffered one of the year’s most significant breaches in April, compromising data for nearly 27 million subscribers. It was fined by South Korean authorities and mandated to invest US$530m in security improvements.
• TalkTalk in the UK is investigating a third-party data breach that reportedly affected nearly 18.8 million current and former customers. The breach highlighted ongoing vulnerabilities in the telecom supply chain.
• In Canada, a major telecom provider — which has never been publicly identified — was targeted by “Salt Typhoon,” a state-sponsored group linked to China, underscoring the geopolitical dimensions of telecom cyber risk.

According to Ericsson, the global industry is witnessing a rise in Advanced Persistent Threats (APTs) exploiting unpatched software, system APIs and even valid credentials.

Rebuilding resilience and trust

Orange’s response—immediate containment, transparent communication, and cooperation with authorities—demonstrates a maturing approach to cyber resilience in telecom.

However, the frequency and scale of attacks in 2025 highlight the need for ongoing investment in proactive defence mechanisms, including endpoint protection, threat intelligence and zero-trust architectures.

Operators are increasingly recognising that telecom infrastructure represents not just critical business assets but national security interests. For B2B clients, service reliability and data protection are now key differentiators in vendor selection.

As Orange and its industry peers respond to escalating threats, customer confidence will hinge on their ability to manage incidents transparently and invest in long-term, systemic security.

While Orange has said it will not comment further on the July incident for security reasons, its actions reflect a clear directive: safeguarding networks and data is no longer a back-office concern, it is mission-critical.