What Happened
In August 2025, French telecommunications company Bouygues Telecom detected a cyberattack that exposed personal data from approximately 6.4 million customer accounts. The breach compromised sensitive information including names, physical addresses, phone numbers, dates of birth, email addresses, and International Bank Account Numbers (IBANs), though bank card numbers and account passwords were not affected. The company detected the intrusion on August 4, 2025, and immediately blocked attacker access while reinforcing security controls. Bouygues attributed the incident to a known cybercriminal group conducting a targeted attack rather than opportunistic ransomware, and the company notified all affected customers via email or text message while reporting the breach to France’s data protection authority (CNIL) and judicial authorities.
