Skip to content
Data breachContained

Leak at Red by SFR

In December 2025, French telecom operator SFR disclosed a data breach affecting Red by SFR customers, exposing names, postal and email addresses, phone numbers and customer reference numbers after an internal fiber-connection management tool was compromised.

Victim
Red by SFR

On 19 December 2025, Red by SFR β€” the low-cost mobile and broadband brand of French telecom operator SFR (Altice) β€” notified affected customers of a data breach after attackers gained unauthorized access to one of the company's internal systems.

According to SFR, the intrusion targeted a tool used to manage fixed-network fiber-connection interventions. Through that entry point, attackers were able to reach customer data held in the operator's information systems. Red by SFR subscribers were particularly affected, and notification emails went out from around 17 December 2025.

The exposed data included:

  • First and last name
  • Email address
  • Postal address
  • Phone number
  • Customer reference / identifier (and, in some cases, the auto-generated initial account password)

SFR stated that no banking or payment data was compromised. The breach is reported to have affected several tens of thousands of customer records, though the operator did not publish a definitive figure; a separate claim on a hacking forum advertised a far larger dataset that remains unverified. SFR said its teams quickly contained and closed the incident, reported it to the French data-protection authority (CNIL) and the relevant authorities, and warned customers to stay alert to phishing attempts. This breach is distinct from the earlier September 2024 Red by SFR incident.

Sources

  1. next.inkhttps://next.ink/215573/fuite-de-donnees-confirmee-chez-sfr-liee-au-raccordement-fibre/
  2. usine-digitale.frhttps://www.usine-digitale.fr/telecoms/altice/sfr/cybersecurite-sfr-victime-dune-fuite-de-donnees-personnelles-de-ses-clients-un-an-apres-la-precedente.66MORRZXEBAVXN3AUXSN5WZO64.html
  3. incyber.orghttps://incyber.org/article/sfr-victime-fuite-donnees-filiale-red/
  4. connexionfrance.comhttps://www.connexionfrance.com/news/sfr-customers-in-france-warned-to-be-vigilant-following-cyberattack/760558

Related incidents

Data breachContained

Leak at Altitude Infra

Altitude Infra, a major French independent fiber-optic infrastructure operator, had ~5.76 GB (52 files) stolen from a partner extranet and offered for sale online, exposing network documentation, ISP-partner files and end-customer eligibility data across its 3M+ connected locations.

Victim
Altitude Infra
Data breachContained

Leak at Eurofiber

In November 2025, Dutch fibre-network operator Eurofiber's French unit was breached via an SQL-injection flaw in its outdated GLPI ticketing system, exposing technical and credential data tied to more than 3,600 customer organisations, including major firms and public bodies.

Victim
Eurofiber
Data breachUnknown

Data leak at Syma Mobile

In September 2025, a database of 117,963 Syma Mobile customers β€” exposing names, dates of birth, postal and email addresses, phone numbers and ID-document details β€” was put up for sale on a dark-web forum alongside other French datasets.

Victim
Syma Mobile
Records
118.0K
Data breachContained

Leak at Bouygues Telecom

On 6 August 2025, French telecom operator Bouygues Telecom disclosed a cyberattack that exposed personal data of 6.4 million customer accounts, including contact details, contractual data, civil status and IBANs (no card numbers or passwords).

Victim
Bouygues Telecom
Records
6.4M