What Happened
In August 2025, French telecommunications company Bouygues Telecom, the third-largest mobile operator with around 27 million customers, suffered a cyberattack detected on August 4, enabling unauthorized access to personal data from 6.4 million customer accounts. The exposed information included contact details, contractual data, civil status or company data (for professionals), and IBANs (international bank account numbers), but excluded bank card numbers and account passwords. Bouygues swiftly contained the breach, notified affected customers via email or SMS, reported it to France’s data protection agency CNIL and cybersecurity agency ANSSI, filed a criminal complaint, and advised vigilance against phishing and unauthorized direct debits. No specific attacker was publicly identified, though it occurred amid heightened telecom sector threats.
