Free, France’s second-largest internet service provider, confirmed it was hacked this weekend. The Paris-based company, which serves over 22.9 million mobile and fixed-line subscribers, issued a statement on October 26 confirming unauthorized access to personal information related to certain subscriber accounts. This Free cyberattack incident came to light after the attempted sale of what was claimed to be Free’s customer data on a cybercrime forum.
The company revealed to Agence France-Presse (AFP) that the Free cyberattack targeted a management tool within its system, allowing attackers unauthorized access to some personal data. However, the company clarified that no sensitive financial information—such as bank details, passwords, or communication content—was affected. While Free declined to specify the exact date or scope of the breach, the company assured its users and the public that there was “no operational impact” on its services.
As reported by the newspaper Le Monde, to address the situation, Free promptly filed a criminal complaint with the public prosecutor and reported the incident to France’s National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI). These actions comply with French law, which mandates prompt notification of data breaches to cybersecurity authorities.
Immediate Measures Taken on Free Cyberattack
Following the Free Data breach, the company implemented various cybersecurity measures to stop unauthorized access and reinforce its system defenses. The company also confirmed that affected subscribers have been or will soon be notified via email. Free’s announcement emphasized that it “took all necessary steps immediately to end this attack and strengthen the protection of our information systems.”
By informing both authorities and affected subscribers, the company adhered to legal obligations and displayed its commitment to customer security.
This Free data breach comes just over a month after another leading French telecom provider, SFR, experienced a cyber incident affecting customer information. In September, SFR reported a security breach that exposed customer banking details and other personal data, allegedly through an attack on its customer order management system. Together, these recent incidents have raised concerns about cybersecurity among French telecom providers and highlighted vulnerabilities in customer management systems.
The Role of French Cybersecurity Authorities
In compliance with legal requirements, Free quickly involved CNIL and ANSSI, two primary authorities overseeing data security and cyber defense in France. The National Commission for Information Technology and Civil Liberties (CNIL) is responsible for enforcing data protection laws and ensuring that organizations handle personal data responsibly. ANSSI, France’s national cybersecurity agency, provides strategic guidance, support, and response coordination during significant cyber incidents.
By notifying CNIL and ANSSI, Free is enabling these agencies to provide oversight and potentially assist in investigating the breach. This collaborative approach between companies and government bodies reflects the strong cybersecurity framework established in France, which mandates clear reporting protocols for any organization that experiences a data breach involving personal data.
What This Means for Free Subscribers
For Free subscribers, the news of the Free cyberattack may understandably be concerning. However, the company’s assurance that no passwords, financial details, or communication content were accessed aims to ease fears of financial fraud or further data misuse. Even though Free data breach appears less severe than some recent cyberattacks, it highlights the potential risk to subscriber information whenever a management system is compromised.
Subscribers affected by this breach are advised to stay alert to any suspicious activities related to their accounts and to follow any recommendations provided in the notification email.
Growing Cyber Threat Landscape in France
The recent string of attacks on major French telecom companies highlights a concerning trend in cybersecurity. With attackers increasingly targeting customer management systems and other critical infrastructure within telecom companies, French ISPs and telecom providers are under more pressure than ever to invest in strong cybersecurity measures.
The recurring breaches have prompted French cybersecurity experts to call for stricter industry-wide standards, and government agencies like ANSSI and CNIL are urging telecom operators to continuously upgrade their defenses against sophisticated cyber threats.
The cyberattack against Free also raises awareness about the importance of vigilance among companies and subscribers alike.