Major Telecom Security Breach Discovered
Orange Belgium, one of the country's leading telecommunications providers, has confirmed a significant cybersecurity incident that compromised approximately 850,000 customer accounts. The breach was discovered in late July 2025 when unauthorized access was detected within one of the company's IT systems.
Scope of Compromised Data
According to the company's official statement, the attackers gained access to personal information including full names, telephone numbers, SIM card identification numbers, PUK codes, and tariff plan details. However, Orange Belgium emphasized that critical security credentials remained protected throughout the incident.
What Was Not Compromised
The telecommunications giant confirmed that sensitive financial information, banking details, email addresses, and customer passwords were not accessed during the breach. This distinction is crucial as it prevents immediate financial fraud and identity theft scenarios that typically follow such incidents.
Immediate Response and Security Measures
Upon discovering the intrusion, Orange Belgium's cybersecurity teams immediately blocked access to the affected system and implemented enhanced security protocols. The company has notified relevant regulatory authorities and filed an official complaint with judicial authorities to support criminal investigation efforts.
Customer Notification Process
All affected customers are being contacted through email and SMS notifications. The company has established a dedicated web portal with comprehensive information and guidance for concerned subscribers. Customers are advised to remain vigilant against potential phishing attempts and suspicious communications.
Industry Context and Regulatory Implications
This incident marks the second cybersecurity breach affecting Orange operations in 2025, following an earlier incident that impacted multiple countries. Telecommunications companies remain prime targets for cybercriminals due to the vast amounts of personal data they manage and the critical infrastructure they operate.
Data Protection Compliance
Under European Union regulations, including the General Data Protection Regulation (GDPR), companies must report significant data breaches within 72 hours of discovery. Orange Belgium's prompt notification demonstrates compliance with these stringent requirements, though the full regulatory implications remain under assessment.
Ongoing Investigation and Future Precautions
The investigation into the breach continues, with cybersecurity experts working to identify the attack vectors and potential perpetrators. Orange Belgium has committed to strengthening its security infrastructure and implementing additional safeguards to prevent similar incidents in the future.
The company has assured customers that service continuity remains unaffected and that all necessary measures are being taken to protect user data and maintain trust in their telecommunications services.