Orange has confirmed that its Romanian branch has been hit by a cyber attack in which thousands of internal documents were stolen. The hacker, who calls himself Rey and is a member of the HellCat ransomware group, claims to have accessed 380,000 e-mail addresses and other sensitive data.
According to Orange, the hack occurred on a non-critical back-office application and had no impact on customers’ operational activities. The attacker says he could steal data undetected for about three hours, resulting in nearly 12,000 files totaling 6.5 GB.
Among the information captured are the e-mail addresses of Orange Romania’s current and former employees, partners, and contractors. Partial payment card details of Romanian customers, some of which had already expired, were also found. The hack also exposed customer data from Yoxo, Orange’s subscription service with no contract period.
Security website BleepingComputer claims to be in contact with Rey. Rey said there would have been access to Orange systems for a month. The hacker claims that this case does not involve HellCat activity, but HellCat did claim previous successful hacks on Schneider Electric and Telefónica.
Response and investigation
“We took immediate action, and our top priority remains protecting the data and interests of our employees, customers and partners,” Orange stated. The company is cooperating with relevant authorities and has launched an investigation to limit the impact of the incident.
This hack follows shortly after a security incident at Orange Spain, demonstrating that cyber criminals continue to target telecom organizations.