Iliad (Free): new cyberattack with leaked network data
On 30 March 2026, the extortion group ALP-001 listed French telecom group Iliad (parent of Free) on its leak site, publishing a 5.4 GB sample of mobile-network engineering data — radio measurements, GPS drive tests, and network optimization records — and threatening fuller disclosure.
- Victim
- Iliad (Free)
On 30 March 2026, Iliad — the French telecommunications group that owns mobile and broadband operator Free — was added to the dark-web leak site of the extortion gang ALP-001, which claimed to have stolen a large set of the company's mobile-network engineering data.
As proof of access, the attackers published an initial sample archive of roughly 5.4 GB and asserted they held a much larger private database, setting a countdown deadline of 11 April 2026 for their demands before threatening to release more. The intrusion vector was not disclosed by the group.
Unlike the October 2024 breach of Free's subscriber base, this incident centred on internal telecom infrastructure and field-engineering records rather than customer billing data. The leaked categories reportedly included:
- Radio measurements (RSRP, RSSI, SINR)
- GPS drive tests, coordinates and field test results
- Network calibration and optimization data
- 3G/4G/LTE technical mapping and deployment/project data
- Throughput and latency performance metrics
- Regulatory and network-design reports
As of reporting, Iliad and Free had issued no public confirmation of the breach, and the claims remained those of the threat actor pending verification. The matter is unresolved, with ALP-001 still threatening further data release.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/iliad-free-nouvelle-cyberattaque-avec-des-donnees-reseau-en-fuite/
- dexpose.iohttps://www.dexpose.io/alp-001-targets-french-telecom-leader-iliad-s-a/
- redpacketsecurity.comhttps://www.redpacketsecurity.com/alp-001-ransomware-victim-iliad-fr/