French firm Bouygues Telecom suffered a data breach impacting 6.4M customers
French firm Bouygues Telecom suffered a data breach impacting 6.4M customers
August 08, 2025
Bouygues Telecom suffered a cyberattack that compromised the personal information of 6.4 million customers.
French telecommunications company Bouygues Telecom suffered a cyberattack that resulted in the compromise of personal information of 6.4 million customers.
Bouygues Telecom, part of the Bouygues industrial group, is one of France’s leading telecom providers, offering mobile, internet, and IPTV services. Founded in 1994, the company is the country’s third-oldest mobile operator. The telecom firm serves over 23 million customers and continues to invest heavily in expanding and improving its 5G infrastructure.
On August 4, Bouygues Telecom detected a cyberattack that allowed a third party to access personal data linked to certain subscriptions. The company is notifying affected customers by email or text, and has taken swift action to stop the attack and enhance its system security.
“On August 4, Bouygues Telecom detected a cyberattack. After analysis, it appears that a third party was able to access personal information associated with certain Bouygues Telecom subscriptions. All affected customers have received or will receive an email or text message informing them.” reads the statement published by the company. “Our technical teams implemented actions as quickly as possible to put an end to this attack and took additional measures necessary to strengthen the security of our information system.”
Compromised data associated with Bouygues Telecom subscriptions are: contact details, contractual data, civil status data or company data if customers are professionals, as well as IBANs.
The French firm pointed out that Bank card numbers and passwords for its customers’ Bouygues Telecom accounts are not impacted.
Bouygues Telecom advises customers who received its email or text alert to remain vigilant against potential fraud attempts, such as phishing emails or scam calls. Using stolen data, criminals may pose as Bouygues Telecom, banks, or other companies to obtain sensitive details like bank card numbers or login credentials. Customers are urged never to share such information, to distrust unsolicited calls, even from supposed bank advisors, and to hang up and call back via official numbers if in doubt.
Bouygues Telecom sought to reassure customers, noting that while an IBAN alone cannot be used to transfer money without consent, fraudsters could attempt unauthorized direct debits by impersonating the account holder. Customers are advised to regularly review bank statements for suspicious withdrawals and contact their bank immediately if anything seems unusual. Regulations allow blocking any unauthorized debit for up to 13 months.
Bouygues is not the only French telecom firm that suffered a cyber attack this year. On July 25, Orange, France’s largest telecom provider, reported a cyberattack on one of its internal systems.
Orange, with help from Orange Cyberdefense, quickly isolated affected systems after a cyberattack, causing service disruptions for some corporate and consumer clients in France.
Orange hasn’t named those behind the cyberattack, but the incident resembles global telecom breaches tied to the China-linked Salt Typhoon APT group.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, Bouygues)
