Telecommunications company Orange Belgium has confirmed that it was the target of a cyberattack at the end of July, with a hacker gaining access to around 850,000 customer accounts. 

The telecom operator assured that no critical details such as passwords, email addresses or bank information were exposed, but urged customers to remain vigilant and never share their passwords.

Once the breach was discovered, Orange blocked access to the compromised system and reinforced its security measures. The company has also filed a complaint with the authorities.

"The hacker gained access to one of our IT systems containing the following data: surname, first name, telephone number, SIM card number, PUK code and tariff plan," Orange said in a press release.

"As soon as the incident was discovered, our teams blocked access to the system in question and tightened our security measures. Orange Belgium also alerted the competent authorities and filed an official complaint with the judicial authorities."

"Be alert to suspicious communications"

It remains unclear what has happened to the stolen data, but the operator confirmed that affected customers will be notified by email or text message. In the meantime, it is urging them to be alert to suspicious communications.

Ethical hacker Inti De Ceukelaire warned on X of the heightened risk of "SIM swapping", a form of identity theft in which criminals take over a phone number to access private information such as social media or even banking details. He highlighted that the SIM card number and PUK code could be used to change the PIN, and called on the company to give more clarity on the security measures being introduced.

Orange has responded that it has already implemented "additional security measures at various levels" to reduce the risk of fraudulent SIM swaps, though it has not disclosed specific details.