Orange suffers major cyberattack, impacting French customers and public services. No evidence of data breach, recovery underway by Wednesday.

Continue reading
On Friday, July 25, 2025, Orange Group detected a cyberattack targeting one of its internal information systems. Its response, led by Orange Cyberdefense, involved rapid isolation of potentially affected services to contain the threat and prevent lateral movement across the network.
This containment step, while essential for security, inadvertently caused service disruptions—impacting specific corporate management platforms and select consumer-facing services, particularly in France.
| Date | Event |
|---|---|
| July 25, 2025 | Cyberattack detected; immediate isolation begins. |
| July 25–28 | Disruptions reported across business and consumer services, mostly in France. |
| July 28, 2025 | Orange files formal complaint and notifies authorities. |
| July 30 (Wed) | Timeline for gradual restoration of key services. |
By Wednesday morning, July 30, service restoration was planned to reach most affected platforms under heightened vigilance.
| Topic | Detail |
|---|---|
| Date detected | July 25, 2025 |
| Response action | Isolation of affected systems by Orange Cyberdefense |
| Primary impact region | France (business & public sectors; select consumer platforms) |
| Data breach status | No confirmed exfiltration; investigation ongoing |
| Recovery timeline | Gradual service restoration by Wednesday, July 30 |
| Threat actor speculated | Patterns align with Salt Typhoon telecom breaches |
| Regulatory response |
With no disclosure of initial infiltration method—phishing, zero-day, VPN compromise—security teams operate without clarity, which risks hidden persistence.
While isolating systems curtailed spread, it triggered significant downtime in critical management platforms—highlighting the careful balance between containment and continuity.
Filing formal complaints and GDPR notifications suggests seriousness; any subsequent findings could result in penalties or compliance reviews.
Past breaches (e.g. in Romania) and the evolving threat landscape underline the necessity for regular red teaming, network segmentation, and stronger threat detection.
Orange’s disclosure of a suspected cyberattack on July 25, 2025, and its swift isolation measures, led to service disruptions across business and some consumer platforms—especially in France. While no data loss has been confirmed so far, the incident fits a worrying global pattern tied to sophisticated, state-linked actors like Salt Typhoon. With a formal complaint lodged and recovery underway by July 30, the episode underscores the strategic vulnerability of telecom infrastructure and the criticality of advanced detection, incident response, and regulatory compliance in a digital-first world.

U.S. Army recruiting pages hijacked to display fake 404 errors reading ‘Kurdistan’, exploiting a third-party tool and exposing .mil web security gaps.
| Complaint filed July 28; GDPR authorities notified |
| Organizational scope | \~291–300 million customers, 26 countries, \~125–127k employees, €40B revenue |