Martina Alberti

Author

date

Published: October 29, 2024

Free Confirms Cyberattack Compromising Customer Data

Free, the second-largest internet service provider in France and a subsidiary of Iliad S.A., confirmed it suffered a cyberattack over the weekend. The company disclosed that unauthorized access to its internal management system has potentially exposed customer data.

The cyberattack specifically targeted Free’s subscriber management systems, and preliminary findings suggest that personal information of some users may have been accessed. While Free assured that no sensitive data—such as passwords, bank card details, or customer communications—were compromised, the company revealed that personal details like names, phone numbers, postal addresses, dates of birth, and email addresses were exposed.

Details of the breach surfaced after a cybercriminal attempted to sell the data on a well-known cybercrime forum. Two separate databases were listed for sale: one reportedly containing nearly 19.2 million customer records and another with over 5 million IBAN records. Screenshots and data samples were shared by the attacker to verify the legitimacy of the information.

French data protection and cybersecurity agencies, CNIL and ANSSI, have been informed, and Free has filed a criminal complaint. In a statement, Free reassured its customers, saying,

“All necessary measures were promptly taken to end this attack and enhance our information system security.”

The ISP confirmed that customer operations are unaffected, with no disruptions reported in its services.