Bouygues Telecom has reported a data breach that exposed personal and financial information belonging to approximately 6.4 million customers. The compromised records include names, contact details, subscription information, and bank account identifiers (IBANs). Bouygues says that passwords and credit card numbers were not part of the leak.
The company’s internal security team discovered the breach on August 4, blocked the attacker’s access, and launched an investigation. Bouygues confirms that its mobile, broadband, and IPTV services were not disrupted and that customer-facing systems remain operational.
Individuals whose data was exposed are being informed by email and SMS. Bouygues urges affected customers to remain vigilant for potential fraud, particularly unusual calls, messages, or emails. The company warns that with sufficient personal and banking information, fraudsters could attempt impersonation scams—posing as Bouygues, a bank, or another service provider—to obtain additional data or authorization for transactions.
While an IBAN alone cannot be used to directly withdraw funds, it can be combined with other personal details to support social engineering attacks. Scammers may use the information to trick people into revealing login credentials, one-time codes, or authorizing payments.
Bouygues says the attacker accessed a limited but sensitive dataset, including customer contact details, civil-status or business identity information, and subscription records.
The company filed a formal complaint with law enforcement and notified France’s data protection authority, the CNIL, as well as ANSSI, the national cybersecurity agency. Under French law, an individual responsible for such an intrusion could face criminal penalties, including prison time and fines.
CNIL typically evaluates how organizations handled the breach—whether sufficient protections were in place before the incident, how quickly the company responded, and how effectively affected people were informed. ANSSI generally addresses broader cybersecurity risks, particularly where critical infrastructure or national services may be implicated.
Bouygues Telecom is one of France’s major telecom operators, serving over 14 million mobile subscribers and many more through its broadband and IPTV services. It competes with other national carriers and maintains an extensive cellular network across the country.
The company has not disclosed how the breach occurred or who might be responsible. Although internal teams acted promptly to shut down the attacker’s access, Bouygues acknowledges that leaked data could still be misused and continues to monitor the situation closely.
The incident follows shortly after a separate cyberattack reported by Orange France that disrupted some business platforms; Orange said no customer data was stolen in that case. The close timing of both events has raised questions about whether telecom providers in France are being targeted more aggressively.
Similar attacks against telecommunications companies have occurred in other countries in recent years, contributing to growing concerns about data privacy and the resilience of telecom infrastructure. These incidents increase pressure on operators to strengthen defenses, improve detection and response capabilities, and better protect customer data.
Bouygues is advising affected customers to monitor their bank accounts, report any suspicious transactions promptly, and never disclose sensitive information—such as passwords, PINs, or one-time codes—via phone or email, especially in response to unexpected requests.
Although Bouygues reports no disruption to core services, the breach underscores how personal information tied to financial details can be leveraged to target individuals. The company states it will continue investigating and coordinating with authorities as the situation develops.
(Photo by Fili Santillán)
See also: Europe must adapt to Russia’s hybrid cyber war
Want to learn more about cybersecurity and the cloud from industry leaders? Attend Cyber Security & Cloud Expo, which takes place in Amsterdam, California, and London. The event is co-located with Digital Transformation Week, IoT Tech Expo, Blockchain Expo, and AI & Big Data Expo.
Explore other upcoming enterprise technology events and webinars powered by TechForge.