Orange Cyberattack Claimed by Warlock Hacking Group, Data Sample Leaked
Published on August 18, 2025
- Data sale: The Warlock operators today claimed they are selling data stolen from Orange Telecommunications.
- Breach acknowledgement: On July 28, the company announced that it had suffered a cyberattack that impacted one of its systems.
- Leaked sample: A portion of the reportedly stolen files has already been published, with the remaining files still available for sale.
The Warlock hacking group has claimed responsibility for a breach targeting Orange, one of the world’s leading telecommunications providers. Alongside its claim, Warlock allegedly provided a data sample from the breach, though the scope and impact of the incident remain under investigation.
Incident and Immediate Actions
Orange confirmed detecting a cyberattack on July 25, 2025, which affected one of its information systems. Warlock ransomware operators published a 4 GB data sample claiming to be from a recent Orange data breach and reportedly sell the rest of the files.
Yet, the company’s announcement states there is no evidence of theft or exposure of customer or internal data at the time of its publication, and it did not attribute the incident to ransomware.
Restoration efforts for affected services commenced immediately, and the company has filed a formal complaint and is collaborating with relevant authorities. To mitigate potential damage, internal teams, supported by Orange Cyberdefense, quickly isolated impacted platforms and services.
This tactical response resulted in temporary disruptions to management services and customer-facing platforms, primarily affecting business and consumer services in France.
In February 2025, a hacker claiming to be a member of the HellCat ransomware group announced they acted independently and stole thousands of Orange Group user and employee internal data from what appeared to be the company’s Romanian branch.
Implications for Telecommunications and Cybersecurity
This telecommunications breach has raised significant concerns over cybersecurity within the sector. Cyberattacks targeting companies like Orange not only disrupt essential services but can also undermine consumer trust and operational security.
The Warlock group’s alleged involvement highlights the increasing sophistication of threat actors and the global risks they pose.
Recently, Storm-2603 was seen exploiting SharePoint flaws via Warlock Ransomware deployment. A few days ago, Warlock operators claimed a cyberattack targeting the U.K.-based telecommunications company Colt Technology Services, which caused a prolonged outage.
Strengthening Cybersecurity
Orange’s swift containment actions highlight the importance of robust cybersecurity measures in mitigating breaches. Organizations, especially in industries managing sensitive data, must prioritize proactive defenses, including real-time monitoring, regular system audits, and collaborative responses with cybersecurity experts and law enforcement.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular