HQ/EMEAFind out how we can help your business
The French internet service provider (ISP), called Free, reported that it became the subject of a data breach incident after hackers had infiltrated its servers during the weekend.
This affected entity is one of France’s most prominent ISPs and immediately filed a criminal complaint with the public prosecutor and informed the ANSSI and CNIL about the situation.
According to its representative, the company will email the affected subscribers about the issue. The representative insisted that the breach has no operational impact as they have yet to observe one in their activities and services. The firm also assured its subscribers that they had already taken all necessary measures to put an end to this attack and fortify the protection of their stored data.
Free ISP explained that the attackers targeted its management tool, which resulted in the exposure of sensitive data.
Free elaborated that the data breach operators targeted a management tool that exposed customers’ information. Despite this event, the attackers allegedly did not gain access to sensitive details, such as user passwords, credit card information, or communications content.
However, the hackers are currently auctioning the stolen data on BreachForums. The highest bidder will allegedly win a third of France’s population’s data that subscribed to the IPS.
Furthermore, the attackers provided an archive containing some of the alleged stolen data, screenshots, and database headers as proof of the legitimacy of the auctioned material. Additionally, the threat actors doubled down on their claims by revealing that they would allow clients to search the stolen database to confirm that the entire database is available for purchase.
On the other hand, Free claims that the attackers could only steal those of specific fixed subscribers and that they are insufficient to initiate a direct debit from a bank. Therefore, if subscribers notice an unusual direct debit that does not correlate to any date and has no known invoice amount, their bank must repay them.
Lastly, the company encourages everyone, especially kids, to be cautious of phishing attempts. Threat actors may use the exposed data to execute targeted phishing campaigns that might result in financial loss.
