Overview

• The intrusion, detected in late July, exposed names, phone numbers, SIM identifiers, PUK codes, and tariff plans tied to customer accounts.
• Orange says passwords, email or home addresses, and financial data were not accessed, and it reports no evidence of misuse so far.
• Impacted customers are being notified by email or SMS as the company adds phone-support secret questions and continues in‑store ID checks.
• The Warlock ransomware group has claimed responsibility and posted sample data, though Orange has not confirmed attribution during the ongoing investigation.
• Security researchers fault Orange Belgium for downplaying SIM‑swap risk, while the firm alerts authorities and files a judicial complaint.