Free France Breach

In October 2024, Free (Free.fr), France's second-largest internet service provider, suffered a massive data breach attributed to a cybercriminal known as "drussellx," who auctioned the stolen database on the BreachForums dark web marketplace. The breach, which Free confirmed involved unauthorized access to an internal management tool, affected virtually the entire subscriber base-approximately 18 million customers. While the company stated that passwords and credit card contents were not compromised, the leak exposed highly sensitive financial and personal identifiers, specifically targeting millions of International Bank Account Numbers (IBANs), raising immediate concerns about direct debit fraud and large-scale phishing campaigns targeting French citizens.