Orange has confirmed that there has been no new attack, compromise or ransomware request on the Orange group’s IT systems following claims in media reports.

After claims were made that Orange was breached by the Babuk ransomware gang in an attack that allegedly resulted in the theft of 4.5 TB of data, with a quarter of which threatened to be exposed should the firm refuse to enter ransom negotiations.

In a statement sent to SC UK, Orange said after a detailed analysis it confirmed no attack took place.

“This latest publication seems to be a simple republication of a previously publicised leak concerning Orange Romania,” the company said. “This follows an initial attack claim made public on February 23rd.”

Previous Attack

Regarding this previous attack, Orange said it has already confirmed that a non-critical application for its B2C operations in Romania was targeted. “Immediate measures have been taken to prioritise the protection of our employees', customers', and partners' data. There has been no impact on the services provided to customers.”

It confirmed that incident involved a non-critical back-office application, from which an unauthorised third party managed to extract data, which was then disseminated on a specialised site. “Access to this application has been strengthened and is under increased monitoring,” it said. “The incident has been reported to the Romanian authorities, including the national data protection authority (ANSPDCP), within the regulatory timeframe.

“Investigations are ongoing to clarify the impacts of this incident. Communication is underway with the affected Romanian customers.”

In the more recent incident, the Babuk operators claimed to have exfiltrated a trove of "very detailed" information including data from its main and Romanian websites, such as customer records, email addresses, user data, source code, invoices, internal documents, projects, contracts, employee details, credit cards, messages, call logs, and other personally identifiable information.

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.