What Happened
In February 2025, Orange Romania experienced a significant data breach when the HellCat ransomware group, led by a hacker using the alias “Rey,” infiltrated the company’s systems through exploited vulnerabilities in Jira software and compromised credentials, exfiltrating approximately 6.5GB of data across 12,000 files over a three-hour period. The breach exposed 380,000 unique email addresses belonging to current and former employees, partners, and contractors, along with source code, internal documents, contracts, invoices, customer records, and partial payment card details (many of which were expired). The attacker had maintained access to Orange’s systems for over a month before executing the data exfiltration and subsequently published details on hacker forums after Orange declined to negotiate. Orange confirmed that the breach targeted a non-critical back office application and stated that customer operations were unaffected, while authorities launched an investigation to assess risks and enhance security. A subsequent claim in March 2025 by the Babuk ransomware group alleged an additional theft of 4.5TB of data, though Orange Romania attributed this to republication of data from the original February breach.
