1 What happened to Bouygues Telecom?
On August 4, the teams of this telecom giant detected a cyber attack. Two days later, the company communicated on this leak, indicating “that a third party was able to access certain personal information associated with certain subscriptions”. This unauthorized access, blocked quickly, allowed the crooks to enter a database of 6.4 million customers, including contact details, contractual indications, civil status data and IBAN.
The operator said, however, that the bank card numbers and the passwords of Bouygues Telecom accounts were not exposed. Anyway, all customers were warned as soon as possible. A complaint was filed, in parallel, and the National Informatique and Freedoms Commission (CNIL) informed. The author of the offense is exposed to a sentence of up to five years in prison and € 150,000 fine.
2 What risks for affected customers?
These personal data acquired by crooks increase the risks of attempted phishing against customers affected by these leaks. In the name inspired by the English term “fishing” (fishing), this technique consists in throwing a bait, such as an email, an SMS or a message via any platform usurpating an actor (police, taxes, bank, delivery man, etc.) to encourage a victim to click on a fraudulent link. Thanks to this, the crook can extract sensitive data (bank card number, bank account connection identifiers, etc.) or enter the computer system.
Some lead to attempts at visiting, also of phishing, but by telephone call. The risk is all the greater to receive calls from false advisers, asking for bank access.
Finally, the leaks of Iban should not be overlooked. Admittedly, contrary to popular belief, it does not allow a crook to make a transfer from the account of the victim without authorization from him. But this document can be used to generate false mandates then addressed to banking establishments and initiate withdrawals without the knowledge of the full the victims.
It is then a question of carefully monitoring the transactions on your account, and of contacting your advisor in the event of a suspicious transfer. The law gives customers 13 months to contest an unauthorized levy. The bank must reimburse the victim immediately in the event of a debited sum without authorization.
3 What companies have recently been affected by this type of attack?
This leak occurs less than a year after a previous major attack on Free. Last October, the operator founded by Xavier Niel indicated that hackers had entered his management tool, stealing email addresses, postal, telephone numbers, subscribers and contractual data. Nearly 19 million subscribers seem to have been affected. On July 25, 2025, it was Orange’s turn to have been the target of an attack aimed at “one of its information systems”, without the data of its customers filtered.
Proof that no sector is spared, the Air France-KLM company also announced on Wednesday evening that it has been faced with a “data violation”. According to her, fraudulent access to a computer system operated by a third -party service provider made it possible to explain the contact information, the Flying Blue number and the status of certain customers, who have been warned by the company since. Credit data data, passport numbers, the balance of Miles Flying Blue, the password or the booking information was not revealed, however, reassured the company.
