Skip to content
Data breachContained

Leak at Bouygues Telecom

On 6 August 2025, French telecom operator Bouygues Telecom disclosed a cyberattack that exposed personal data of 6.4 million customer accounts, including contact details, contractual data, civil status and IBANs (no card numbers or passwords).

Victim
Bouygues Telecom
records
6.4M

On 6 August 2025, Bouygues Telecom β€” one of France's largest mobile and broadband operators β€” disclosed that it had been the victim of a cyberattack that gave an unauthorized third party access to personal data tied to 6.4 million customer accounts. The intrusion was detected on 4 August 2025, and the company notified the affected individuals by email or SMS.

The exposed information varied by customer but covered contact details, contractual data, civil-status information (and company data for business customers), and bank account identifiers. Bouygues Telecom stressed that no bank card numbers and no account passwords were compromised in the breach.

Exposed data categories included:

  • Contact details (name, address, email, phone)
  • Contractual and subscription data
  • Civil-status data (and company data for professional customers)
  • IBANs (bank account numbers)

While an IBAN alone is not sufficient to initiate fraudulent transfers, when combined with a customer's name it can enable SEPA direct-debit fraud and highly convincing targeted phishing. Bouygues Telecom reported the incident to France's cybersecurity agency (ANSSI) and the data protection authority (CNIL) and filed a criminal complaint. The breach was one of several to hit French telecom operators in the preceding year, and affected customers were advised to monitor their bank statements and stay alert to phishing attempts.

Sources

  1. corporate.bouyguestelecom.frhttps://www.corporate.bouyguestelecom.fr/archives-communique-presse/bouygues-telecom-annonce-avoir-ete-victime-dune-cyberattaque/
  2. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/bouygues-telecom-confirms-data-breach-impacting-64-million-customers/
  3. zataz.comhttps://www.zataz.com/bouygues-telecom-cyberattaque-fuite-donnees-2025/
  4. infosecurity-magazine.comhttps://www.infosecurity-magazine.com/news/bouygues-telecom-breach-customer/

Related incidents

Data breachContained

Leak at Altitude Infra

Altitude Infra, a major French independent fiber-optic infrastructure operator, had ~5.76 GB (52 files) stolen from a partner extranet and offered for sale online, exposing network documentation, ISP-partner files and end-customer eligibility data across its 3M+ connected locations.

Victim
Altitude Infra
Data breachContained

Leak at Red by SFR

In December 2025, French telecom operator SFR disclosed a data breach affecting Red by SFR customers, exposing names, postal and email addresses, phone numbers and customer reference numbers after an internal fiber-connection management tool was compromised.

Victim
Red by SFR
Data breachContained

Leak at Eurofiber

In November 2025, Dutch fibre-network operator Eurofiber's French unit was breached via an SQL-injection flaw in its outdated GLPI ticketing system, exposing technical and credential data tied to more than 3,600 customer organisations, including major firms and public bodies.

Victim
Eurofiber
Data breachUnknown

Data leak at Syma Mobile

In September 2025, a database of 117,963 Syma Mobile customers β€” exposing names, dates of birth, postal and email addresses, phone numbers and ID-document details β€” was put up for sale on a dark-web forum alongside other French datasets.

Victim
Syma Mobile
Records
118.0K