Mobile security

Orange France Hacked

The personal details of about 1.3 million Orange France customers were stolen by hackers in April, the operator has admitted.

Details including the name, date of birth, fixed and mobile numbers, and email addresses (but not bank details) were stolen in a security breach that was discovered on April 18. The operator has warned that the information stolen could be used in phishing attacks on customers whose details were compromised.

Orange France admitted earlier this year that the personal information of about 800,000 customers was stolen during January.

The data breach highlights the constant struggle that operators face to keep their customers' data secure, a struggle that will be discussed at the upcoming Mobile Network Security Strategies conference in London, which will take place on May 21 at The Thistle Marble Arch hotel.

Patrick Donegan, Heavy Reading senior analyst and mobile network security expert who is hosting the conference, says operators need to consider their levels of investment in security systems, especially as they deploy new networks.

"Information security has always been a strong differentiator for telcos," says Donegan. "In the all-IP networking era, telcos need to increase investment in their own internal security processes as well as their network defenses. It's critical for telcos that their customers understand that they are their most trusted ally in the battle against attacks on private information, no matter who or where they come from."

That trust will come under increasing scrutiny, though, if such breaches become more commonplace. Ironically, Orange only recently conducted a survey which found that consumers are becoming increasingly concerned about the data being stored about them by third-party organizations such as communications service providers, handset manufacturers, and social media networks. (See Euronews: Consumers Freak Out Over Data Security.)

That concern will only increase if operators fail to tell their customers of such security breaches in a timely fashion.

George Anderson, a director at security technology specialist Webroot Software Inc. , is surprised by "the length of time between the attack happening and it becoming public knowledge -- almost three weeks -- especially as the data stolen is ideal for phishing subscribers using email, SMS and phone calls. Most phishing sites are 'live' for just a few hours and the phishing attack is often indistinguishable from genuine communications and requests. That's why it's vital that Orange France customers, the potential victims, are made aware of any threat to them immediately," said Anderson in comments emailed to Light Reading.

— Ray Le Maistre, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profile, Editor-in-Chief, Light Reading

Want to learn more about this topic? Check out the agenda for Mobile Network Security Strategies, which will take place on May 21 at The Thistle Marble Arch hotel in London. For more on the event, including the stellar service provider speaker line-up, see the event's official site.

DOShea 5/11/2014 | 5:08:20 PM
Re: slow reaction time Breaches like this will hopefull force operators to really tell customers how they protect their data throughout the value chain. Everyone claims high levels of security, and customers don't really know from one carrier to the next the different approaches that are being taken.
MordyK 5/9/2014 | 2:33:31 PM
Re: Value of data The market bears me out :)
Sarah Thomas 5/9/2014 | 2:13:49 PM
Re: slow reaction time I think it requires protective measures at every step of the value chain from the network to the web to end user devices. Right now, there are a lot of holes where things can go wrong.
Sarah Thomas 5/9/2014 | 2:12:55 PM
Re: Value of data ha, so cybercriminals are better at big-data analytics than operators? Not too far off...
MordyK 5/8/2014 | 9:33:14 PM
Value of data The joke is that while carrier's bsaically don't recognise the data's potential, hacker's recognise the locked up value and make attempts to get at it.

The upside of this is that business work on market economics, so attempts at getting this data highlight its potential value opportunity. 
danielcawrey 5/8/2014 | 2:29:36 PM
Re: slow reaction time Phishing and other types of social hacking are becoming a major problem. I am hoping that sometime soon we can come to a consensus on the web for digital identities to thwart this growing problem. 

The issue is that there are almost a byzantine array of solutions being developed. Two-auth is a nice stepping stone, but then you get into biometrics that can open up a host of issues that have never been considered. 
Sarah Thomas 5/8/2014 | 12:55:07 PM
slow reaction time Wow, it would seem that time is of the essence in any security breach like this so that customers can take necessary precautions to protect their identities. Is Orange advising them on what to do now, or is it too late?
Sign In