Cyberattack against French ISP Free

Updated on 26/10/2024

26/10/2024

Free, France's second largest internet service provider (ISP), confirmed that cyber criminals accessed its systems and stole personal information of its customers over the weekend.

According to the ISP's statements to various media, the attack targeted a management tool that exposed subscriber data, and confirms that affected customers will be informed via email very soon. Free has also filed a criminal complaint with the public prosecutor's office and has notified the Commission Nationale de l'Informatique et des Libertés (CNIL) and the Agence Nationale de Sécurité des Systèmes d'Information (ANSSI) of the incident.

Separately, alleged leaked information from threat actor drussellx has been published on BreachForums, including details of the total number of affected customers along with their IBAN numbers, providing screenshots and database headers to prove the legitimacy of the data.

References

26/10/2024

lemonde.fr

Free porte plainte après une cyberattaque sur les données personnelles de ses abonnés, dont l’ampleur reste inconnue
28/10/2024

therecord.media

Free, France’s second-largest telecoms company, confirms being hit by cyberattack
28/10/2024

bleepingcomputer.com

Free, France’s second largest ISP, confirms data breach after leak
28/10/2024

bitdefender.com

French ISP Free confirms data breach after hacker puts customer data up for auction

Etiquetas