Orange Romania

In February 2025, Orange Group confirmed a data breach affecting its Romanian operations. The HellCat ransomware group, led by a hacker known as "Rey," infiltrated the company’s systems, exfiltrating 6.5GB of internal data across 12,000 files. The breach exposed hundreds of thousands email addresses of employees, partners, and contractors, along with Yoxo customer data and partial payment card details (some expired). The attack stemmed from compromised credentials and vulnerabilities in Orange’s Jira software and internal portals. Orange stated customer operations were unaffected, as the breach targeted a non-critical system. Authorities are investigating the incident to assess risks and enhance security. This breach was shared with us by 'Bown', an independent security researcher.

Data Included in the Breach