Customers’ personal information has been stolen from one of France’s major ISPs. Free S.A.S. confirmed the breach this past weekend.
According to the firm, no passwords, bank card information, or the contents of communications (emails, SMS, or voicemails) were involved, and operations were not affected. But Bitdefender reports that the situation may be more serious than Free’s statement suggests:
Nonetheless, the hacker (who calls themselves “drussellx”) posted a message on a dark web cybercrime forum offering up for auction two databases stolen from Free – containing details of over 19 million customer accounts, and over five million IBAN details.
Free has been keen to downplay the significance of the leak of the IBAN details, saying that it is “not enough to make a direct debit from a bank.”
According to the hacker, the data being offered for sale was exfiltrated on 17 October 2024, and contains the names, telephone numbers, email and postal addresses, and dates of birth of Free customers.
Read more at Bitdefender.