French ISP Confirms Cyberattack, Data Breach Affecting 19M

In the latest attack against ISPs, second-largest French provider Free fell victim to unknown cyberattackers who attempted to sell the compromised data it stole from the company on an underground cybercrime forum.

Dark Reading Staff, Dark Reading

October 29, 2024

2 Min Read
Mobile phone featuring logo of French telecommunications company Free SAS, in front of a laptop screen
Source: Timon Schneider via Alamy Stock Photo

Free, a French telecommunications company and the second largest Internet service provider (ISP) in the country, has disclosed a cyberattack it fell a victim to over the weekend. It's the latest in a line of attacks against ISPs and telcos of late.

A threat actor stole information from the company's internal management tool, gathering data on the company's subscribers, and attempted to sell the data on the Dark Web in a cybercrime forum, the ISP confirmed to Agence France-Presse (AFP) on Oct. 26.

The hacker, known as "drussellx," posted a message on the forum, putting two databases stolen from the ISP company up for auction. The databases reportedly contained information on more than 19 million customer accounts, and more than 5 million international bank account details.

The bad actors gained "unauthorized access to some of the personal data associated with the accounts of certain subscribers," according to Free, which has more than 22 million mobile and fixed subscribers. However, it stressed that no passwords, bank-card information, emails, SMSs, or voicemails were compromised, and that its services were not been impacted.

Internet service provider networks are increasingly being targeted by bad actors in attacks to steal data and set up base for new tactics and techniques. Take advanced persistent threat (APT) Salt Typhoon, for example, which has been targeting these networks in the US, likely due to the information they can garner, such as home addresses, billing information, SMSs, and more.

Another APT group, known as Evasive Panda (aka StormBambaoo and DaggerFly), also targets ISPs, using them as a launchpad to exploit software vendor update mechanisms by using DNS poisoning.

Now, in the wake of its own ISP attack, Free reports that it soon will be informing impacted customers via email regarding the breach. It has also filed a criminal complaint and informed France's National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI).

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights