{
	"id": "fc32d517-a57d-496e-b0e9-740a0d5d4d23",
	"created_at": "2026-04-06T00:18:19.225263Z",
	"updated_at": "2026-04-10T13:11:25.334497Z",
	"deleted_at": null,
	"sha1_hash": "3254939c5e942d599a59c28ae4b87d2490172e52",
	"title": "Orange confirms ransomware attack exposing business customers' data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1709180,
	"plain_text": "Orange confirms ransomware attack exposing business customers' data\r\nBy Lawrence Abrams\r\nPublished: 2020-07-16 · Archived: 2026-04-05 19:26:06 UTC\r\nOrange has confirmed to BleepingComputer that they suffered a ransomware attack exposing the data of twenty of their\r\nenterprise customers.\r\nOrange is a French telecommunications company that offers consumer communication services and business services to the\r\nenterprise. With 266 million customers and 148,000 employees, Orange is the fourth-largest mobile operator in Europe.\r\nAs part of its services portfolio, the 'Orange Business Services' division offers enterprise solutions such as remote support,\r\nvirtual workstations, system security, and cloud backups and hosting.\r\nhttps://www.bleepingcomputer.com/news/security/orange-confirms-ransomware-attack-exposing-business-customers-data/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/orange-confirms-ransomware-attack-exposing-business-customers-data/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nNefilim ransomware leaks Orange customer data\r\nOn July 15th, 2020, the ransomware operators behind the Nefilim Ransomware added Orange to their data leak site and\r\nstated that they breached the company through their \"Orange Business Solutions\" division.\r\nOrange data leak on Nefilim leak site\r\nOrange confirmed to BleepingComputer that they suffered a ransomware attack targeting their Orange Business\r\nServices division on the night of Saturday, July 4th, 2020, into July 5th.\r\nThis attack allowed the Nefilim operators to gain access to twenty Orange Pro/SME customers' data.\r\n\"A cryptovirus-type computer attack was detected by Orange teams during the night of Saturday 04 July to Sunday 05 July\r\n2020. Orange teams were immediately mobilised to identify the origin of this attack and has put in place all necessary\r\nsolutions required to ensure the security of our systems. 
According to initial analysis by security experts, this attack has\r\nconcerned data hosted on one of our Neocles IT platforms, \"Le Forfait informatique\", and no other service has been affected.\r\nHowever, this attack seems to have allowed hackers to access the data of around 20 PRO / SME customers hosted on the\r\nplatform. Affected customers have already been informed by Orange teams and Orange continues to monitor and investigate\r\nthis breach. Orange apologises for the inconvenience caused.\"\r\nOrange's \"Le Forfait Informatique\" platform allows enterprise customers to host virtual workstations in the cloud while\r\noutsourcing IT support for these hosted workstations to Orange Business Services.\r\nAs part of the ransom operators' leak, a 339MB archive file was published titled 'Orange_leak_part1.rar' that contained data\r\nthat was allegedly stolen from Orange during the attack.\r\nThe Ransom Leaks Twitter account, run by researchers analyzing ransomware leaks, told BleepingComputer that this\r\narchive contained emails, airplane schematics, and files from ATR Aircraft, a French aircraft manufacturer.\r\nThis data may indicate that ATR is a customer of Orange's Le Forfait Informatique platform and that the data was stolen during the\r\nattack.\r\nWhile ATR told BleepingComputer that they \"have not recently been affected by a ransomware attack,\" we have not\r\nreceived replies to our follow-up questions regarding their data leaked in the Orange attack.\r\nRansomware attacks are data breaches\r\nWith unencrypted file theft being a strong component of enterprise-targeting ransomware operations, all attacks must be\r\nconsidered data breaches.\r\nAlmost all ransomware attacks now include a pre-encryption component where the attackers steal unencrypted files from the\r\nvictim.\r\nThe threat of publicly releasing these stolen files is the 
latest tactic used as leverage to coerce victims to pay the ransom demand.\r\nWhile Orange did the right thing by being transparent about their attack and notifying the customers, it is equally vital for\r\nthe affected customers to disclose these breaches to their clients and employees.\r\nAs employees are commonly the last to know about these attacks, they are also the most at risk as their personal information\r\nis publicly released or sold to other threat actors.\r\nSource: https://www.bleepingcomputer.com/news/security/orange-confirms-ransomware-attack-exposing-business-customers-data/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/orange-confirms-ransomware-attack-exposing-business-customers-data/"
	],
	"report_names": [
		"orange-confirms-ransomware-attack-exposing-business-customers-data"
	],
	"threat_actors": [],
	"ts_created_at": 1775434699,
	"ts_updated_at": 1775826685,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3254939c5e942d599a59c28ae4b87d2490172e52.pdf",
		"text": "https://archive.orkl.eu/3254939c5e942d599a59c28ae4b87d2490172e52.txt",
		"img": "https://archive.orkl.eu/3254939c5e942d599a59c28ae4b87d2490172e52.jpg"
	}
}