An intrusion at the end of July exposed data for 850,000 Orange Belgium customer accounts. Compromised fields include full names, phone numbers, SIM card numbers, and PUK codes. Access to those combinations increases the risk of highly targeted phishing, SIM-based fraud, and phone number re-association attacks. Orange Belgium stated that passwords, email and home addresses, and financial information were not compromised. Security experts warned that the claim that no critical data was taken seems wrong and could cause real harm, and noted SIM identifiers are dangerous if used for identity verification because attackers can exploit them.
The association between the SIM ID, phone numbers, and real names is worrying and could enable very targeted frauds, such as phishing attacks addressing people by name or to re-associate phone numbers with a real person.
Large data breaches of this type simply should not happen, regardless of the utility of the stolen data. Having access to names linked to mobile numbers creates avenues for an attacker to conduct more plausible personalized phishing attacks.
no critical data was compromised.
seems wrong; could cause real harm.
Collection
[
|
...
]