1.3M Orange Belgium customers exposed. Hackers stole SIM data & PUK codes. The Warlock gang strikes—are you at risk? Act now.

Continue reading
On August 20, 2025, Orange Belgium disclosed a significant cyberattack impacting 850,000 customers, approximately one-third of its subscriber base in Belgium and Luxembourg. The breach, detected in late July, exposed sensitive personal data including :
Notably, the company confirmed that passwords, email addresses, and financial data were not compromised, as these are stored on separate, isolated systems. The breach primarily affected a customer management database, though operational services remained uninterrupted.
The intrusion has been attributed to Warlock, an emerging ransomware gang exploiting a chain of SharePoint Server vulnerabilities known as ToolShell. These vulnerabilities, patched by Microsoft in July 2025, allow authentication bypass and remote code execution (RCE). Trend Micro researchers noted that Warlock used HTTP POST requests to upload webshells, followed by lateral movement using Group Policy abuse and credential theft.
Warlock claims to have exfiltrated data without encrypting systems—a trend increasingly common among ransomware groups focusing on extortion. Orange Belgium refused to pay a ransom, leading to the data being published on dark web leak sites. The group’s tactics mirror those of LockBit 3.0, whose source code was leaked in 2023.
Orange Belgium’s incident response included:
However, cybersecurity experts criticized the response:
This incident is the third major cyberattack against Orange subsidiaries in 2025:
| Date | Target | Threat Actor | Impact | Source |
|---|---|---|---|---|
| February 2025 | Orange Romania | HellCat/Rey | 6.5GB of employee data, partial payment cards, and 380,000 email addresses | |
| July 2025 | Orange Group (France) | Unidentified | Operational disruptions; no data confirmed stolen | |
These incidents highlight systemic vulnerabilities in Orange’s infrastructure, including:
The Orange Belgium breach occurred amid a global surge in telecom-targeted attacks:
Regulatory bodies like the FCC are tightening cybersecurity requirements for critical communications infrastructure, emphasizing Zero Trust frameworks and mandatory incident reporting.

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been
| July 2025 |
| Orange Belgium |
| Warlock |
| 850,000 customer records with SIM/PUK codes |