DB Telecom: a 40k-customer database put up for sale
A hacker claims to be selling a massive database from DB Telecom (Service Telecom), a player in the French telecommunications sector, with more than
- Victim
- DB Telecom
Incidents in sector:
Telecom
Iliad (Free): new cyberattack with leaked network data
The Iliad group, parent company of Free, has been listed on the data leak site of a cybercriminal group called ALP-001. The attackers claim
- Victim
- Iliad (Free)
508,276 Coriolis Télécom customers affected by a data leak
Coriolis Télécom customers are affected by a confirmed leak impacting mobile and internet subscribers. Nearly 508,000 rows of customer-related data have been made public, the…
- Victim
- Coriolis Télécom
- Records
- 508.3K
23,920 Corse GSM customers affected by a data leak
Corse GSM customers are affected by a confirmed leak that exposes nearly 24,000 accounts tied to the telecom service. The leak comes from a file made public and concerns information…
- Victim
- Corse GSM (2025)
- Records
- 23.9K
Claimed leak at L'Orange Bleue Fitness Club
Managers and operators of about 600 L'Orange Bleue clubs are reportedly affected by an internal data leak dating back to June 2025, according to the claim. A public sample analyzed includes…
- Victim
- L'Orange Bleue Fitness Club
Claimed data leak at AXYON (EDF, Eiffage, Bouygues, Engie, Renault, etc.)
AXYON customers and partners are affected by a claimed leak said to involve around 340 GB of internal data, according to the claim. AXYON provides B2B engineering services…
- Victim
- AXYON (EDF, Eiffage, Bouygues, Engie, Renault, etc.)
Leak at Bouygues Telecom
6.4 million customers; contact details; contractual data; civil status; IBAN
- Victim
- Bouygues Telecom
Telefónica Hellcat infostealer-to-Jira breach (Spain, 2025)
Infostealer malware on the endpoints of 15+ Telefónica employees gave the Hellcat ransomware group credentials into the company's internal Jira ticketing system. Social-engineering escalated the access to SSH. The group did not extort — it publicly published 2.3 GB including 24,000 employee emails, 470,000 internal Jira tickets, and 5,000 internal documents.
- Victim
- Telefónica
- Records
- 500.0K
Salt Typhoon US telecom espionage campaign (2024)
China-linked Salt Typhoon infiltrated at least nine U.S. telecom providers — Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated, Windstream — including the CALEA lawful-intercept systems used for court-authorised wiretaps. Metadata for over a million users was exposed; the U.S. Treasury sanctioned a linked PRC contractor.
- Victim
- U.S. telecommunications providers (Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated Communications, Windstream)
AT&T Snowflake call-records breach
AT&T disclosed that attackers used credentials stolen by infostealers to authenticate into its Snowflake cloud-data-warehouse tenant — which lacked MFA — and exfiltrated call and text metadata covering nearly all 110 million AT&T wireless customers.
- Victim
- AT&T Communications
- Loss
- $200.0M
- Records
- 110.0M
MOVEit Transfer mass exploitation (Cl0p)
Cl0p exploited CVE-2023-34362 in Progress Software's MOVEit Transfer to mass-extort over 2,700 organizations, including the BBC, British Airways, and the U.S. Department of Energy.
- Victim
- Progress Software MOVEit Transfer (2,700+ downstream)
- Loss
- $12.15B
- Records
- 95.0M
Royal Mail LockBit ransomware
LockBit affiliates encrypted Royal Mail's international export systems, halting all overseas postal services from the U.K. for six weeks. Royal Mail publicly refused the £65.7M ransom demand; LockBit progressively leaked exfiltrated data.
- Victim
- Royal Mail International
- Loss
- $60.0M
Optus customer data breach
An unauthenticated API endpoint exposed personal data of 9.8 million current and former Optus customers — names, dates of birth, passport and driver's licence numbers — to a single anonymous attacker.
- Victim
- Optus (Singtel)
- Loss
- $140.0M
- Records
- 9.8M
Viasat KA-SAT AcidRain wiper
One hour before Russia's invasion of Ukraine, Sandworm operators deployed the AcidRain wiper against Viasat KA-SAT satellite modems, bricking ~30,000 European terminals and 5,800 German wind turbines and disabling Ukrainian military command-and-control.
- Victim
- Viasat KA-SAT (subscribers across Ukraine and Europe)
- Loss
- $100.0M
T-Mobile US data breach (Binns)
A 21-year-old American living in Turkey, John Binns, claimed to have hacked T-Mobile via an exposed GGSN router and exfiltrated personal data on 76.6 million current, former, and prospective customers.
- Victim
- T-Mobile US
- Loss
- $500.0M
- Records
- 76.6M
SolarWinds SUNBURST supply-chain compromise (Cozy Bear)
Russian SVR operators trojanized SolarWinds Orion build infrastructure, distributing a backdoored update to 18,000 customers including the U.S. Treasury, Commerce, DHS, State, and Energy departments. The defining state cyberespionage operation of the decade.
- Victim
- SolarWinds (Orion customers — ~18,000 organisations including 9 U.S. federal agencies and Microsoft, FireEye, Mimecast)
- Loss
- $100.00B
NotPetya destructive wiper
A destructive wiper disguised as ransomware, propagated via a compromised Ukrainian accounting software update. Estimated $10 billion in global damage — the most economically destructive cyberattack in history.
- Victim
- M.E.Doc users (Maersk, Merck, FedEx-TNT, Mondelez, Saint-Gobain et al.)
- Loss
- $10.00B
WannaCry ransomware worm
A North Korean ransomware worm that exploited the EternalBlue SMB vulnerability to spread to ~200,000 systems across 150 countries in 24 hours. Paralysed the U.K.'s NHS and crippled manufacturing globally.
- Victim
- ~200,000 organizations worldwide (UK NHS, Telefónica, Renault, Deutsche Bahn, Honda et al.)
- Loss
- $6.00B
TalkTalk customer data breach
An SQL injection attack — committed primarily by four British teenagers — exposed personal data on roughly 157,000 TalkTalk customers including bank account details. Triggered a record £400,000 UK ICO fine.
- Victim
- TalkTalk Telecom Group
- Loss
- $90.0M
- Records
- 157.0K