Skip to content
RansomwareContained

Leak at Orange

On 25 July 2025, French telecom group Orange detected unauthorized access to one of its information systems; the Warlock ransomware group later claimed the attack and published about 4 GB of data, which Orange described as outdated or low-sensitivity.

Victim
Orange

On 25 July 2025, Orange — the French multinational telecommunications group — detected unauthorized access to one of its information systems. Security teams isolated the affected systems within hours, and the group filed a criminal complaint on 28 July for an attack on one of its information systems.

The containment measures disrupted a limited number of business-facing management services and a small subset of consumer platforms, mainly in France. Orange, supported by its Orange Cyberdefense division, said it gradually restored the main affected services by the morning of 30 July. At disclosure, the operator stated that no evidence suggested customer or Orange data had been exfiltrated.

The picture later changed: in mid-August the Warlock ransomware group claimed responsibility and published roughly 4 GB of data on the dark web. Orange said the threat actor had only limited access to its systems and was able to exfiltrate only outdated or low-sensitivity data.

Reported exposure:

  • Internal business-related files attributed to Orange (~4 GB published by Warlock)
  • Characterized by Orange as outdated or low-sensitivity data

This incident is distinct from the separate July 2025 breach at Orange Belgium (which affected roughly 850,000 customer accounts) and from a separate leak of employee data in Romania; Orange confirmed the incidents are unrelated.

Sources

  1. newsroom.orange.comhttps://newsroom.orange.com/le-groupe-orange-annonce-avoir-depose-plainte-lundi-28-juillet-pour-atteinte-a-un-de-ses-systemes-dinformation?lang=fra
  2. techcrunch.comhttps://techcrunch.com/2025/07/29/telecom-giant-orange-warns-of-disruption-amid-ongoing-cyberattack/
  3. securityaffairs.comhttps://securityaffairs.com/180552/security/orange-reports-major-cyberattack-warns-of-service-disruptions.html
  4. computerweekly.comhttps://www.computerweekly.com/news/366629873/Warlock-claims-more-victims-as-cyber-attacks-hit-Colt-and-Orange

Related incidents

RansomwareUnknown

Data leak at Tactis

In early 2026, French digital-infrastructure consultancy Tactis was hit by the Qilin ransomware gang, which listed the firm on its leak site and threatened to publish exfiltrated internal data covering its telecom and smart-city projects for public and private clients.

Victim
Tactis
RansomwareContained

Leak at Commune de Lens

In late December 2025, the town hall of Lens (Pas-de-Calais, France) disclosed an intrusion into its information system that paralysed municipal services for about a week, blocking staff software and telephone lines; the attack vector was undisclosed and data theft was not confirmed.

Victim
Commune de Lens