Eurofiber France disclosed a data breach it discovered late last week when hackers gained access to its ticket management system by exploiting a vulnerability and exfiltrated information.
Eurofiber France SAS is the French unit of the Eurofiber Group N.V., a Dutch telecommunications service provider that operates a fiber network of 76,000 km across the Netherlands, Belgium, France, and Germany.
The company specializes in providing digital infrastructure for businesses, rather than the consumer market.
No critical data impacted
The cybersecurity incident impacts only the French division of the group, the company says in the announcement, including its cloud division (ATE portal) and its regional Eurafibre, FullSave, Netiwan, and Avelia sub-brands.
In a press release, the company states that the impact is minimal for indirect sales and wholesale partners in France, as most of them rely on separate systems.
“In the first hours following detection, the ticketing platform and the ATE portal were placed under enhanced security, and the vulnerability was patched,” mentions Eurofiber France.
“Additional measures have been implemented to prevent any further data leaks and strengthen system security.”
Although the company said that banking details or other “critical data” stored on its other systems were not affected by this incident, it did not specify exactly what types of data were stolen, only mentioning that it would notify affected customers.
Threat actor claims breach
BleepingComputer found that a threat actor calling themselves ‘ByteToBreach’ claimed the attack on a data leak forum, alleging that they stole data belonging to 10,000 businesses and even government entities, all clients of Eurofiber.
The threat actor claims to be holding data that the clients uploaded to the ticketing system, including screenshots, VPN configuration files, credentials, source code, certificates, archives, email accounts as files, and SQL backup files.
Source: BleepingComputer
BleepingComputer has contacted Eurofiber France for clarification about the allegations, types of data exposed in the incident, the number of customers impacted, and the name of the breached software, but we are still waiting for the company to respond.
Eurofiber France said it has notified the French data protection agency (CNIL) as well as ANSSI – the country’s cybersecurity agency, and filed a report for extortion, indicating that the threat actor has demanded payment to not leak the stolen data.
Last August, another French telecommunications service provider, Bouygues Telecom, suffered a data breach that exposed the personal data of 6.4 million customers.
Earlier, in July 2025, Orange France disclosed a cybersecurity breach on its network, though it has not confirmed data theft as of yet.
Whether you’re cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start.
Get the cheat sheet and take the guesswork out of secrets management.