
French telecom giant Orange has confirmed it experienced a cyberattack targeting one of its internal information systems on July 25. In response, the company swiftly isolated potentially affected services to contain the breach and minimize damage. This containment effort has caused disruptions across several platforms, particularly impacting some of Orange’s business clients and public sector services—mostly in France.
In a statement issued Monday, Orange said that remediation efforts are already underway, with service restoration expected to progress gradually through Wednesday. Importantly, the company emphasized that, at this stage, there’s no indication that any internal or customer data has been compromised or extracted.
While Orange has yet to share detailed information about the nature or origin of the attack, it has filed a formal complaint with relevant authorities and begun notifying impacted customers. Under Europe’s GDPR regulations, companies are obligated to report suspected data breaches to their local data protection authorities within 72 hours, which suggests compliance on Orange’s part.
Despite multiple inquiries from TechCrunch, the company has not disclosed whether it has the forensic tools in place to fully determine if any data was exfiltrated. That leaves some uncertainty about the full scope and intent of the attack.
Orange, which operates in 26 countries and serves over 291 million customers globally, employs more than 127,000 people. As one of the world’s largest telecom providers, any disruption to its services has far-reaching implications—underscoring the importance of strong cybersecurity protocols in an increasingly digital infrastructure landscape.
While the company works to restore normalcy, this incident serves as yet another reminder of the persistent and evolving threats facing critical service providers in Europe and beyond.