Orange data breach affects personal data of its customers in Belgium

Orange Belgium, a subsidiary of the Orange Group telecommunications company, announced on August 20, 2025, that it had detected a cyberattack on its systems on July 25 that resulted in the theft of data from approximately 850,000 customers. Orange Belgium provides fixed and mobile connectivity services to more than 3 million customers in Belgium and Luxembourg.

Orange announced that the perpetrators did not gain access to the passwords, email addresses, or financial information of the affected customers, but they did manage to compromise the systems containing certain account information. The cyberattack perpetrator was able to obtain the following data: first name, last name, phone number, SIM card number, PUK code, and rate plan.

Orange also mentioned that it is aware of the group responsible for the data leak, but that it will not disclose details of the incident at this time because an investigation is still ongoing.

Orange Belgium is notifying all customers affected by this incident by email or text message, advising them to remain alert to any suspicious messages or calls, as it is believed that fraudsters could use the stolen information to impersonate Orange or another company and trick them into sharing other confidential data, such as passwords and banking information.

Additionally, to prevent phone number theft, in which a potential scammer requests the transfer of stolen phone numbers to another operator (SIM swapping), Orange has added an additional control to the number transfer procedure between operators. Thus, when Orange receives a request to transfer a number to another operator, it will send a verification SMS to the customer in question, who can cancel the request if it is not legitimate.