Skip to content
RansomwareOngoing

Iliad (Free): new cyberattack with leaked network data

On 30 March 2026, the extortion group ALP-001 listed French telecom group Iliad (parent of Free) on its leak site, publishing a 5.4 GB sample of mobile-network engineering data — radio measurements, GPS drive tests, and network optimization records — and threatening fuller disclosure.

Victim
Iliad (Free)

On 30 March 2026, Iliad — the French telecommunications group that owns mobile and broadband operator Free — was added to the dark-web leak site of the extortion gang ALP-001, which claimed to have stolen a large set of the company's mobile-network engineering data.

As proof of access, the attackers published an initial sample archive of roughly 5.4 GB and asserted they held a much larger private database, setting a countdown deadline of 11 April 2026 for their demands before threatening to release more. The intrusion vector was not disclosed by the group.

Unlike the October 2024 breach of Free's subscriber base, this incident centred on internal telecom infrastructure and field-engineering records rather than customer billing data. The leaked categories reportedly included:

  • Radio measurements (RSRP, RSSI, SINR)
  • GPS drive tests, coordinates and field test results
  • Network calibration and optimization data
  • 3G/4G/LTE technical mapping and deployment/project data
  • Throughput and latency performance metrics
  • Regulatory and network-design reports

As of reporting, Iliad and Free had issued no public confirmation of the breach, and the claims remained those of the threat actor pending verification. The matter is unresolved, with ALP-001 still threatening further data release.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/iliad-free-nouvelle-cyberattaque-avec-des-donnees-reseau-en-fuite/
  2. dexpose.iohttps://www.dexpose.io/alp-001-targets-french-telecom-leader-iliad-s-a/
  3. redpacketsecurity.comhttps://www.redpacketsecurity.com/alp-001-ransomware-victim-iliad-fr/

Related incidents

RansomwareUnknown

Data leak at Tactis

In early 2026, French digital-infrastructure consultancy Tactis was hit by the Qilin ransomware gang, which listed the firm on its leak site and threatened to publish exfiltrated internal data covering its telecom and smart-city projects for public and private clients.

Victim
Tactis
RansomwareContained

Leak at Orange

On 25 July 2025, French telecom group Orange detected unauthorized access to one of its information systems; the Warlock ransomware group later claimed the attack and published about 4 GB of data, which Orange described as outdated or low-sensitivity.

Victim
Orange