Skip to content

Incidents in sector:

Telecom

Credential stuffingOngoing

FortiBleed: leaked dataset exposes VPN credentials for ~74,000 Fortinet firewalls

A dataset dubbed FortiBleed exposed valid Fortinet FortiGate VPN credentials โ€” including plaintext passwords โ€” for 73,932 firewall URLs across 194 countries, the product of a Russian-speaking crew that reused passwords from earlier breaches and infostealer logs rather than any new Fortinet vulnerability.

Victim
Organizations running Fortinet FortiGate firewalls worldwide
Data breachResolved

Charter data breach (2026)

In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign.

Victim
Charter
Records
4.9M
Data breachResolved

LegionProxy data breach (2026)

In April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.

Victim
LegionProxy
Records
10.1K
RansomwareUnknown

Data leak at Tactis

In early 2026, French digital-infrastructure consultancy Tactis was hit by the Qilin ransomware gang, which listed the firm on its leak site and threatened to publish exfiltrated internal data covering its telecom and smart-city projects for public and private clients.

Victim
Tactis
Supply chainContained

358,000 Rรฉglo Mobile (Leclerc) customers affected by a data leak

On 18 February 2026, Rรฉglo Mobile โ€” the E.Leclerc/SFR-backed mobile virtual operator โ€” disclosed that a subcontractor breached from 13 February exposed data on about 358,000 customers, including identity, contact details, dates of birth, PUK codes, call records and partial banking data, with the database offered for sale by actor "84City".

Victim
Rรฉglo Mobile (Leclerc)
Records
358.0K
Data breachContained

Leak at Altitude Infra

Altitude Infra, a major French independent fiber-optic infrastructure operator, had ~5.76 GB (52 files) stolen from a partner extranet and offered for sale online, exposing network documentation, ISP-partner files and end-customer eligibility data across its 3M+ connected locations.

Victim
Altitude Infra
Data breachContained

Leak at Red by SFR

In December 2025, French telecom operator SFR disclosed a data breach affecting Red by SFR customers, exposing names, postal and email addresses, phone numbers and customer reference numbers after an internal fiber-connection management tool was compromised.

Victim
Red by SFR
Data breachContained

Leak at Eurofiber

In November 2025, Dutch fibre-network operator Eurofiber's French unit was breached via an SQL-injection flaw in its outdated GLPI ticketing system, exposing technical and credential data tied to more than 3,600 customer organisations, including major firms and public bodies.

Victim
Eurofiber
Data breachUnknown

Data leak at Syma Mobile

In September 2025, a database of 117,963 Syma Mobile customers โ€” exposing names, dates of birth, postal and email addresses, phone numbers and ID-document details โ€” was put up for sale on a dark-web forum alongside other French datasets.

Victim
Syma Mobile
Records
118.0K
Data breachContained

Leak at Bouygues Telecom

On 6 August 2025, French telecom operator Bouygues Telecom disclosed a cyberattack that exposed personal data of 6.4 million customer accounts, including contact details, contractual data, civil status and IBANs (no card numbers or passwords).

Victim
Bouygues Telecom
Records
6.4M
RansomwareContained

Leak at Orange

On 25 July 2025, French telecom group Orange detected unauthorized access to one of its information systems; the Warlock ransomware group later claimed the attack and published about 4 GB of data, which Orange described as outdated or low-sensitivity.

Victim
Orange
Data breachContained

Leak at Carrefour Mobile

In April 2025, Carrefour Mobile, the Belgian MVNO of the Carrefour retail group, suffered a data breach exposing personal data of about 64,000 customers, including names, contact details, home addresses, portal passwords and, for some, passport numbers.

Victim
Carrefour Mobile
Records
64.0K
Data breachContained

Telefรณnica Hellcat infostealer-to-Jira breach (Spain, 2025)

Infostealer malware on the endpoints of 15+ Telefรณnica employees gave the Hellcat ransomware group credentials into the company's internal Jira ticketing system. Social-engineering escalated the access to SSH. The group did not extort โ€” it publicly published 2.3 GB including 24,000 employee emails, 470,000 internal Jira tickets, and 5,000 internal documents.

Victim
Telefรณnica
Records
500.0K
Data breachinvestigating

Movistar Peru data leak

A database containing roughly 22 million records on Movistar Peru customers โ€” DNI numbers, names, birth dates, and addresses collected between 2016 and 2018 โ€” circulated freely on hacking forums over the December holiday break.

Victim
Movistar Peru (Telefรณnica del Perรบ)
Records
22.0M
Data breachOngoing

Data leak at SFR

On 24 November 2024, a threat actor advertised a leak of personal data on 3.6 million customers of French telecom operator SFR โ€” names, postal and email addresses, dates of birth and phone numbers โ€” plus 150,000 IBANs offered for separate sale on the dark web.

Victim
SFR
Records
3.6M
Data breachContained

Leak at Free

In late October 2024, French ISP Free (Iliad group) disclosed a breach after attackers accessed an internal management tool, exposing subscriber identity and contact data plus around 5.1 million IBANs; the stolen data was later auctioned and sold online.

Victim
Free
Records
5.2M
EspionageContained

Salt Typhoon US telecom espionage campaign (2024)

China-linked Salt Typhoon infiltrated at least nine U.S. telecom providers โ€” Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated, Windstream โ€” including the CALEA lawful-intercept systems used for court-authorised wiretaps. Metadata for over a million users was exposed; the U.S. Treasury sanctioned a linked PRC contractor.

Victim
U.S. telecommunications providers (Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated Communications, Windstream)
Data breachContained

Leak at RED by SFR

In September 2024, RED by SFR โ€” the low-cost mobile brand of French telecom SFR โ€” disclosed a breach affecting several tens of thousands of recent customers, exposing names, contact details, IBANs, and SIM/handset identifiers after attackers accessed an order-management tool.

Victim
RED by SFR
Data breachResolved

BSNL telecom data breach

A threat actor advertised roughly 278 GB of data stolen from India's state-owned telecom BSNL โ€” including IMSI numbers, SIM details, home location register data, and security keys โ€” exposing millions of subscribers to SIM-cloning and fraud, in the carrier's second breach in six months.

Victim
Bharat Sanchar Nigam Limited (BSNL)
Data breachResolved

Hathway data breach (2023)

In December 2023, hundreds of gigabytes of data allegedly taken from Indian ISP and digital TV provider Hathway appeared on a popular hacking website. The incident exposed extensive personal information including 4.7M unique email addresses along with names, physical and IP addresses, phoneโ€ฆ

Victim
Hathway
Records
4.7M
Supply chainResolved

3CX supply-chain attack (DPRK)

North Korea-linked actors trojanized the 3CXDesktopApp softphone client, distributing the SmoothOperator malware through a legitimately-signed update to a customer base of over 600,000 organizations โ€” the first documented cascading software supply-chain compromise, itself enabled by a prior breach of trading software X_TRADER.

Victim
3CX (3CXDesktopApp customers)
Data breachResolved

A1 Hrvatska data breach

Croatian mobile carrier A1 Hrvatska disclosed unauthorized access to a customer database exposing the names, personal identification numbers, addresses and phone numbers of roughly 200,000 subscribers โ€” about 10% of its customer base.

Victim
A1 Hrvatska
Records
200.0K
Data breachResolved

Ho. Mobile SIM data breach

The customer database of Ho. Mobile, Vodafone Italy's budget operator, was stolen and offered for sale on the dark web โ€” exposing the personal and SIM data of about 2.5 million Italian subscribers and prompting a mass SIM replacement.

Victim
Ho. Mobile (Vodafone Italy)
Records
2.5M
Supply chainContained

SolarWinds SUNBURST supply-chain compromise (Cozy Bear)

Russian SVR operators trojanized SolarWinds Orion build infrastructure, distributing a backdoored update to 18,000 customers including the U.S. Treasury, Commerce, DHS, State, and Energy departments. The defining state cyberespionage operation of the decade.

Victim
SolarWinds (Orion customers โ€” ~18,000 organisations including 9 U.S. federal agencies and Microsoft, FireEye, Mimecast)
Loss
$100.00B
Data breachResolved

Hopamedia data breach (2020)

In 2024, data relating to an unknown service referred to as "Hopamedia" and dating back to 2020 appeared in a publicly exposed database. The data included almost 24M records of email address, name, phone number, the country of the individual and their telecommunications carrier.

Victim
Hopamedia
Records
23.8M
Data breachResolved

Vianet data breach (2020)

In April 2020, the Nepalese internet service provider Vianet suffered a data breach. The attack on the ISP led to the exposure of 177k customer records including 94k unique email addresses. Also exposed were names, phone numbers and physical addresses.

Victim
Vianet
Records
94.4K
Vulnerability exploitResolved

Virgin Mobile Polska data breach

An unauthorised party exploited a flaw in Virgin Mobile Polska's prepaid-registration application to access the personal data of over 114,000 subscribers, including PESEL identity numbers and ID-card details. Poland's data-protection authority fined the operator nearly PLN 2 million for inadequate security testing.

Victim
Virgin Mobile Polska
Records
115.0K
Data breachResolved

IndiHome data breach (2019)

In mid-2021, reports emerged of a data breach of Indonesia's telecommunications company, IndiHome. Over 26M rows of data alleged to have been sourced from the company was posted to a popular hacking forum and contained 12.6M unique email addresses alongside names, IP addresses, genders andโ€ฆ

Victim
IndiHome
Records
12.6M
Data breachResolved

ApexSMS data breach (2019)

In May 2019, news broke of a massive SMS spam operation known as "ApexSMS" which was discovered after a MongoDB instance of the same name was found exposed without a password.

Victim
ApexSMS
Records
23.2M
Data breachunresolved

Malaysia telecommunications mega data breach

Personal data of 46.2 million Malaysian mobile subscribers โ€” names, ID card numbers, SIM and IMSI numbers, and addresses from at least a dozen telcos and MVNOs โ€” was leaked and offered for sale online, in the largest data breach in Malaysian history.

Victim
Malaysian mobile operators (Maxis, Celcom, DiGi, U Mobile and others)
Records
46.2M
Data breachResolved

Bell (2017 breach) data breach (2017)

In May 2017, the Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records. The data was consequently leaked online with a message from the attacker stating that they were "releasing a significant portion of Bell.ca's data due to theโ€ฆ

Victim
Bell (2017 breach)
Records
2.2M
DDoSResolved

Dyn DNS Mirai DDoS attack

A massive Mirai-botnet DDoS attack against managed DNS provider Dyn knocked Twitter, Netflix, Spotify, GitHub, Reddit, and dozens of other major sites offline across the U.S. and Europe, demonstrating how a botnet of compromised IoT devices could disrupt large swathes of the internet.

Victim
Dyn, Inc.
Data breachResolved

StarNet data breach (2015)

In February 2015, the Moldavian ISP "StarNet" had it's database published online. The dump included nearly 140k email addresses, many with personal details including contact information, usage patterns of the ISP and even passport numbers.

Victim
StarNet
Records
139.4K