French ISP Verifies Cyberattack, 19M Data Breach

Over the weekend, Free, a French telecom operator and the nation's second-largest Internet service provider (ISP), said that it had been the target of a cyberattack. It's the most recent in a string of assaults on telcos and ISPs. The ISP reported to Agence France-Presse (AFP) on October 26 that a threat actor had stolen data from the company's internal management tool, collecting information on the company's users, and tried to sell the material on the Dark Web in a cybercrime forum.

French ISP Verifies Cyberattack, 19M Data Breach
Over the weekend, Free, a French telecom operator and the nation's second-largest Internet service provider (ISP), said that it had been the target of a cyberattack. It's the most recent in a string of assaults on telcos and ISPs. The ISP reported to Agence France-Presse (AFP) on October 26 that a threat actor had stolen data from the company's internal management tool, collecting information on the company's users, and tried to sell the material on the Dark Web in a cybercrime forum.
The hacker, who goes by the handle "drussellx," put two datasets that were taken from the ISP provider up for auction in a post on the site. According to reports, the databases included data on over 5 million foreign bank accounts and over 19 million client accounts. Free claims that the malicious actors obtained "unauthorized access to some of the personal data associated with the accounts of certain subscribers," referring to the company's more than 22 million fixed and mobile subscribers. It emphasized, meanwhile, that its services were unaffected and that no passwords, bank card details, emails, SMSs, or voicemails were hacked.
Bad actors are increasingly launching assaults against Internet service provider networks to steal data and provide a foundation for novel strategies and tactics. Consider the advanced persistent threat (APT) Salt Typhoon, which has been focusing on these networks in the United States, probably because of the data they can collect, including home addresses, billing details, SMSs, and more. ISPs are also the target of another APT outfit called Evasive Panda (also known as StormBambaoo and DaggerFly), which uses them as a springboard to take advantage of software vendor update systems using DNS poisoning.
Free claims that it will shortly be sending out emails to affected clients about the breach, following its own ISP attack. Additionally, it has notified the National Agency for the Security of Information Systems (ANSSI) and the National Commission for Information Technology and Civil Liberties (CNIL) in France and filed a criminal complaint.