Introduction
A significant data breach has been reported involving Orange Group’s Romanian systems, allegedly perpetrated by a hacker known as ‘Rey’ from the HellCat ransomware group. This breach has potentially severe implications for various sectors, including government [3], education [3], healthcare [3], finance, and energy [3].
Description
A hacker known as ‘Rey’ [2], affiliated with the HellCat ransomware group [2], has claimed to have stolen approximately 7.19GB of internal documents from Orange Group’s Romanian systems [2], affecting various sectors [3], including government institutions [3], educational facilities [3], healthcare units [3], financial institutions [3], and energy companies [3]. The breach reportedly involves user records [2], employee data [2], source code [2], internal invoices [2], client contracts [2] [3], project blueprints [2], and 380,000 email addresses linked to both consumer and business accounts [2]. Among the extracted data are 8,601 files from Orange’s JIRA server and 235 JSON files detailing employee-reported issues, including GDPR compliance risks and IT security gaps [1]. However, there is no indication that password hashes or payment details were compromised [2].
The breach is believed to have occurred due to a lack of major security updates to Orange’s employee authentication portals [2], with phishing attacks and unpatched vulnerabilities in the company’s cloud storage systems as potential contributing causes [2]. Cybersecurity experts warn that the exposed email addresses could lead to targeted phishing campaigns [2], fraud [3], identity theft [3], and social engineering attacks on users [3]. The use of AI technology in analyzing the stolen data allows hackers to efficiently extract sensitive information, identify high-value targets [1], and locate personally identifiable information (PII) within large datasets [1]. This capability enhances the potential for corporate espionage and blackmail by flagging compliance issues and internal problems that could be exploited.
The Romanian National Cybersecurity Directorate (DNSC) has advised individuals and legal entities to remain vigilant against suspicious communications claiming to be from Orange Romania and to monitor their bank transactions closely, especially those linked to contracts with the company [3]. Orange Communication has acknowledged “irregularities in its data logs” but has not confirmed the breach [2], asserting that its core networks remain secure and advising customers to enable two-factor authentication [2]. Regulatory bodies in the European Union are conducting preliminary inquiries to assess potential violations of the General Data Protection Regulation (GDPR) [2].
Conclusion
The breach of Orange Group’s Romanian systems underscores the critical need for robust cybersecurity measures and regular updates to security protocols. The potential for misuse of the stolen data is significant, with risks of phishing, identity theft [3], and corporate espionage [1]. Organizations and individuals must remain vigilant and proactive in safeguarding their information. The incident also highlights the importance of regulatory oversight and compliance with data protection laws, such as the GDPR, to mitigate future risks and protect sensitive information.
References
[1] https://www.infostealers.com/article/ais-role-in-turning-massive-data-leaks-into-hacker-paydays-a-look-at-the-orange-breach/
[2] https://www.cybersecurityintelligence.com/blog/orange-group-hacked—user-data-stolen-8289.html
[3] https://www.romania-insider.com/dnsc-orange-security-breach-institutions-companies-romania-2025