Skip to content
Data breachContained

Leak at RED by SFR

In September 2024, RED by SFR — the low-cost mobile brand of French telecom SFR — disclosed a breach affecting several tens of thousands of recent customers, exposing names, contact details, IBANs, and SIM/handset identifiers after attackers accessed an order-management tool.

Victim
RED by SFR

On 18 September 2024, RED by SFR — the low-cost mobile brand of French telecom operator SFR — began notifying customers of a data breach affecting several tens of thousands of people. SFR said it detected the intrusion on 3 September 2024 and immediately sealed it. The incident chiefly concerned customers who had recently taken out a RED plan or ordered a smartphone.

According to the company, attackers gained unauthorized access to an order-management tool, which in turn opened a path to servers hosting the affected customer databases. SFR stressed that passwords, call records, and SMS content were not affected.

The exposed data was notably sensitive and well suited to fraud and convincing phishing:

  • Last name and first name
  • Email and postal address
  • Phone number
  • IBAN (bank account number)
  • Plan/contract type
  • SIM card identifier
  • Smartphone identifier (IMEI)

SFR notified France's data-protection regulator (the CNIL), filed a criminal complaint, and tightened authentication procedures for any request to change a customer's contact details. It also set up a dedicated helpline and warned affected customers to be wary of phishing and SIM-swap attempts. No threat group was publicly attributed; a hacker had separately claimed around 50,000 RED customer records around the same period. The exact number affected was not officially confirmed.

Sources

  1. next.inkhttps://next.ink/brief_article/red-by-sfr-informe-ses-clients-dune-nouvelle-fuite-avec-une-ribambelle-de-donnees/
  2. usine-digitale.frhttps://www.usine-digitale.fr/article/cybersecurite-sfr-touche-par-une-fuite-de-donnees-exposant-les-iban-de-ses-clients.N2219036

Related incidents

Data breachOngoing

Data leak at SFR

On 24 November 2024, a threat actor advertised a leak of personal data on 3.6 million customers of French telecom operator SFR — names, postal and email addresses, dates of birth and phone numbers — plus 150,000 IBANs offered for separate sale on the dark web.

Victim
SFR
Records
3.6M
Data breachContained

Leak at Free

In late October 2024, French ISP Free (Iliad group) disclosed a breach after attackers accessed an internal management tool, exposing subscriber identity and contact data plus around 5.1 million IBANs; the stolen data was later auctioned and sold online.

Victim
Free
Records
5.2M
Data breachOngoing

DB Telecom: a 40k-customer database put up for sale

Around 10 April 2026, a threat actor put DB Telecom (Service Telecom) — a Marseille-based IP-telephony operator on the Orange/Or-Tel network — up for sale, leaking a database of roughly 41,470 customers and 2,835,372 records including names, contacts, plaintext passwords and internal emails.

Victim
DB Telecom
Records
2.8M