Leak at RED by SFR
In September 2024, RED by SFR — the low-cost mobile brand of French telecom SFR — disclosed a breach affecting several tens of thousands of recent customers, exposing names, contact details, IBANs, and SIM/handset identifiers after attackers accessed an order-management tool.
- Victim
- RED by SFR
On 18 September 2024, RED by SFR — the low-cost mobile brand of French telecom operator SFR — began notifying customers of a data breach affecting several tens of thousands of people. SFR said it detected the intrusion on 3 September 2024 and immediately sealed it. The incident chiefly concerned customers who had recently taken out a RED plan or ordered a smartphone.
According to the company, attackers gained unauthorized access to an order-management tool, which in turn opened a path to servers hosting the affected customer databases. SFR stressed that passwords, call records, and SMS content were not affected.
The exposed data was notably sensitive and well suited to fraud and convincing phishing:
- Last name and first name
- Email and postal address
- Phone number
- IBAN (bank account number)
- Plan/contract type
- SIM card identifier
- Smartphone identifier (IMEI)
SFR notified France's data-protection regulator (the CNIL), filed a criminal complaint, and tightened authentication procedures for any request to change a customer's contact details. It also set up a dedicated helpline and warned affected customers to be wary of phishing and SIM-swap attempts. No threat group was publicly attributed; a hacker had separately claimed around 50,000 RED customer records around the same period. The exact number affected was not officially confirmed.
Sources
- next.inkhttps://next.ink/brief_article/red-by-sfr-informe-ses-clients-dune-nouvelle-fuite-avec-une-ribambelle-de-donnees/
- usine-digitale.frhttps://www.usine-digitale.fr/article/cybersecurite-sfr-touche-par-une-fuite-de-donnees-exposant-les-iban-de-ses-clients.N2219036