Leak at Red by SFR
In December 2025, French telecom operator SFR disclosed a data breach affecting Red by SFR customers, exposing names, postal and email addresses, phone numbers and customer reference numbers after an internal fiber-connection management tool was compromised.
- Victim
- Red by SFR
On 19 December 2025, Red by SFR β the low-cost mobile and broadband brand of French telecom operator SFR (Altice) β notified affected customers of a data breach after attackers gained unauthorized access to one of the company's internal systems.
According to SFR, the intrusion targeted a tool used to manage fixed-network fiber-connection interventions. Through that entry point, attackers were able to reach customer data held in the operator's information systems. Red by SFR subscribers were particularly affected, and notification emails went out from around 17 December 2025.
The exposed data included:
- First and last name
- Email address
- Postal address
- Phone number
- Customer reference / identifier (and, in some cases, the auto-generated initial account password)
SFR stated that no banking or payment data was compromised. The breach is reported to have affected several tens of thousands of customer records, though the operator did not publish a definitive figure; a separate claim on a hacking forum advertised a far larger dataset that remains unverified. SFR said its teams quickly contained and closed the incident, reported it to the French data-protection authority (CNIL) and the relevant authorities, and warned customers to stay alert to phishing attempts. This breach is distinct from the earlier September 2024 Red by SFR incident.
Sources
- next.inkhttps://next.ink/215573/fuite-de-donnees-confirmee-chez-sfr-liee-au-raccordement-fibre/
- usine-digitale.frhttps://www.usine-digitale.fr/telecoms/altice/sfr/cybersecurite-sfr-victime-dune-fuite-de-donnees-personnelles-de-ses-clients-un-an-apres-la-precedente.66MORRZXEBAVXN3AUXSN5WZO64.html
- incyber.orghttps://incyber.org/article/sfr-victime-fuite-donnees-filiale-red/
- connexionfrance.comhttps://www.connexionfrance.com/news/sfr-customers-in-france-warned-to-be-vigilant-following-cyberattack/760558