Bouygues Telecom confirms a massive cyberattack affecting 6.4 million customers, exposing personal details and IBANs. Here’s what happened, why it matters, and how to protect yourself.

Continue reading

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been
Bouygues Telecom announced that on August 4, 2025, its cybersecurity team detected unauthorized access to a customer database. An internal review revealed 6.4 million customer accounts were compromised — a scale that eclipses the 2020 Orange Spain breach (5.1M) and is comparable to T-Mobile’s 2021 incident (7.8M).
> 💡 No payment card numbers, passwords, or direct debit authorizations were accessed.
Official details are limited, but cybersecurity analysts outline possible scenarios.
Jean-Luc Moreau, a Paris-based cybersecurity consultant, warns:
> “In 80% of telecom breaches, attackers exploit human error or third-party weaknesses. Bouygues will need to prove they closed those gaps.”
Bouygues Telecom Spokesperson:
> “We immediately blocked the intrusion, notified all affected customers, and strengthened our system monitoring. We are cooperating fully with CNIL and ANSSI to ensure transparency.”
CNIL Representative:
> “Our role is to determine whether adequate security measures were in place under GDPR Article 32. The presence of financial identifiers like IBANs raises compliance concerns.”
This is the largest telecom breach in France in a decade and the second in a month after Orange’s July incident. The timing and sector targeting raise concerns about:
Marie Dubois, telecom risk analyst, notes:
> “The EU’s NIS2 Directive, coming into force in 2025, mandates higher resilience standards. This breach will accelerate compliance pressure on operators.”
Global telecom breaches (last 5 years):
This shows telecoms are prime targets due to:
The Bouygues breach is more than a corporate crisis — it’s a wake-up call for France’s telecom sector and a case study for EU-wide cyber resilience. With regulators already engaged, the fallout will likely influence policy, corporate governance, and consumer trust for years to come.

Hackers exploited a four-year-old credential in Klue's systems to steal customer data, impacting LastPass and several cybersecurity firms in a supply chain breach