Skip to content
Data breachOngoing

Data leak at SFR

On 24 November 2024, a threat actor advertised a leak of personal data on 3.6 million customers of French telecom operator SFR — names, postal and email addresses, dates of birth and phone numbers — plus 150,000 IBANs offered for separate sale on the dark web.

Victim
SFR
records
3.6M

On 24 November 2024, SFR — one of France's largest mobile and broadband operators — was named in a fresh data leak after a threat actor advertised a file containing personal information on roughly 3.6 million of its customers. It was the third leak tied to the operator during 2024 and surfaced just weeks after an earlier September incident that had exposed customer IBANs.

The published dataset contained personal details for the affected subscribers, including:

  • First and last names
  • Email addresses
  • Postal addresses, postal codes and cities
  • Dates and departments of birth
  • Phone numbers

In addition to the main file, the attacker put a separate batch of around 150,000 IBANs (bank account identifiers) up for sale on the dark web. SFR initially disputed the disclosure, characterising the data as old and recycled from prior incidents and saying there was no evidence of a new breach. The attacker responded by releasing the full dataset for free, withholding only the 150,000 IBANs, which remained reserved for paid sale.

With names, contact details and dates of birth now circulating publicly, affected customers face an elevated risk of phishing, identity theft and account-takeover attempts. The incident remained disputed and unresolved at the time of reporting; customers were urged to be vigilant against fraudulent messages exploiting the leaked information.

Sources

  1. lemondeinformatique.frhttps://www.lemondeinformatique.fr/actualites/lire-plus-de-3-6-millions-de-donnees-clients-de-sfr-vendues-sur-le-dark-web-95346.html
  2. universfreebox.comhttps://www.universfreebox.com/article/573866/nouvelle-fuite-de-donnees-chez-sfr-36-millions-de-clients-touches-et-150-000-iban-en-vente
  3. next.inkhttps://next.ink/brief_article/fuite-de-donnees-sfr-un-fichier-de-36-millions-de-lignes-dans-la-nature/
  4. bonjourlafuite.eu.orghttps://bonjourlafuite.eu.org/#SFR-2024-11-24

Related incidents

Data breachContained

Leak at Free

In late October 2024, French ISP Free (Iliad group) disclosed a breach after attackers accessed an internal management tool, exposing subscriber identity and contact data plus around 5.1 million IBANs; the stolen data was later auctioned and sold online.

Victim
Free
Records
5.2M
Data breachContained

Leak at RED by SFR

In September 2024, RED by SFR — the low-cost mobile brand of French telecom SFR — disclosed a breach affecting several tens of thousands of recent customers, exposing names, contact details, IBANs, and SIM/handset identifiers after attackers accessed an order-management tool.

Victim
RED by SFR
Data breachOngoing

DB Telecom: a 40k-customer database put up for sale

Around 10 April 2026, a threat actor put DB Telecom (Service Telecom) — a Marseille-based IP-telephony operator on the Orange/Or-Tel network — up for sale, leaking a database of roughly 41,470 customers and 2,835,372 records including names, contacts, plaintext passwords and internal emails.

Victim
DB Telecom
Records
2.8M