The personal details of about 1.3 million Orange France customers were stolen by hackers in April, the operator has admitted.
Details including the name, date of birth, fixed and mobile numbers, and email addresses (but not bank details) were stolen in a security breach that was discovered on April 18. The operator has warned that the information stolen could be used in phishing attacks on customers whose details were compromised.
Orange France admitted earlier this year that the personal information of about 800,000 customers was stolen during January.
The data breach highlights the constant struggle that operators face to keep their customers' data secure, a struggle that will be discussed at the upcoming Mobile Network Security Strategies conference in London, which will take place on May 21 at The Thistle Marble Arch hotel.
Patrick Donegan, Heavy Reading senior analyst and mobile network security expert who is hosting the conference, says operators need to consider their levels of investment in security systems, especially as they deploy new networks.
"Information security has always been a strong differentiator for telcos," says Donegan. "In the all-IP networking era, telcos need to increase investment in their own internal security processes as well as their network defenses. It's critical for telcos that their customers understand that they are their most trusted ally in the battle against attacks on private information, no matter who or where they come from."
That trust will come under increasing scrutiny, though, if such breaches become more commonplace. Ironically, Orange only recently conducted a survey which found that consumers are becoming increasingly concerned about the data being stored about them by third-party organizations such as communications service providers, handset manufacturers, and social media networks. (See Euronews: Consumers Freak Out Over Data Security.)
That concern will only increase if operators fail to tell their customers of such security breaches in a timely fashion.
George Anderson, a director at security technology specialist Webroot Software Inc. , is surprised by "the length of time between the attack happening and it becoming public knowledge -- almost three weeks -- especially as the data stolen is ideal for phishing subscribers using email, SMS and phone calls. Most phishing sites are 'live' for just a few hours and the phishing attack is often indistinguishable from genuine communications and requests. That's why it's vital that Orange France customers, the potential victims, are made aware of any threat to them immediately," said Anderson in comments emailed to Light Reading.
— Ray Le Maistre, , Editor-in-Chief, Light Reading
Want to learn more about this topic? Check out the agenda for Mobile Network Security Strategies, which will take place on May 21 at The Thistle Marble Arch hotel in London. For more on the event, including the stellar service provider speaker line-up, see the event's official site.