Bouygues Telecom, France’s third-largest mobile carrier, has confirmed a significant cyberattack that led to a large-scale data breach, exposing sensitive information from 6.4 million customer accounts.
The company announced on August 6 that it detected the intrusion on August 4, but has not disclosed when the attack was fully contained. Bouygues serves approximately 26.9 million mobile subscribers across France, making this incident one of the most severe breaches in the country’s telecommunications sector in recent years.
Data Exposed
According to Bouygues, the stolen information includes:
- Contact details and contractual data of affected customers
- Civil status for private subscribers, or company information for professional accounts
- IBANs (International Bank Account Numbers)
The operator confirmed that the breach has been reported to CNIL, France’s data protection authority.
A Quiet Disclosure
Interestingly, the dedicated web page set up by Bouygues to inform victims contained a “noindex” tag, preventing search engines from indexing the page. This move makes it more difficult for affected customers to discover the announcement through a simple web search. Bouygues has not commented on the reason behind this decision.
Context and Industry Impact
This attack comes less than two weeks after another major French telecom giant, Orange, disclosed its own cyber incident. On July 29, Orange warned customers about potential service disruptions as it worked to isolate impacted systems.
The back-to-back breaches at two of France’s largest telecom providers raise concerns about the resilience of critical infrastructure and the effectiveness of sector-wide cybersecurity measures.
What’s Next for Customers
Bouygues has not yet detailed the exact entry point of the attack or the identity of the threat actors. The company advises customers to remain vigilant, monitor their bank accounts for suspicious activity, and be cautious of phishing attempts leveraging stolen personal information.