What Happened
In October 2024, specifically around October 17, French internet service provider Free (Free Mobile/Free S.A.S.) suffered a data breach when a hacker using the alias “drussellx” targeted a management tool, exfiltrating customer data later auctioned on a dark web forum. The compromised information included names, phone numbers, email addresses, postal addresses, dates of birth, genders, and for a subset of records (over 5 million IBAN details per the hacker, or about a quarter of affected users), partial banking data—though Free stated no passwords, full bank card details, or communication contents were exposed, and IBANs alone were insufficient for direct debits. Reports vary on scale, with the hacker claiming over 19 million customer accounts and 5 million IBANs from Free’s 22 million+ subscribers, Have I Been Pwned citing 13.9-14 million unique emails across 13.9 million accounts later leaked publicly, and other sources estimating up to 23 million impacted. Free confirmed the incident to Le Monde, reported it to authorities, downplayed service disruptions, and planned customer notifications, while advising users to enhance personal defenses.
