PARIS May 7 French telecoms group Orange
said around 1.3 million users of its online portal
fell victim to a theft of personal data, including telephone
numbers, dates of birth and email addresses, last month.
It is the second breach in three months for Orange, and
comes at a time of intense scrutiny of companies' cyber-defences
after a massive hack at U.S. retailer Target and the
discovery of the "Heartbleed" bug that exposed weaknesses in a
commonly used web encyption programme.
In mid-April, hackers accessed a software platform that
Orange used to send promotional emails and text messages to
people who had agreed to receive them.
All the people affected were informed, the group said, and
were warned to look out for 'phishing' attacks where hackers
send emails disguised as requests from legitimate companies to
fool people into handing over more personal data.
No payment information or credit card numbers were stolen
from Orange, making the breach less serious than the one at
Target, in which 40 million credit card details were taken and
the chief executive was later dismissed.
But the intrusion at Orange is embarassing for its Chief
Executive Stephane Richard because he has cast the company as a
guardian of its customers data after revelations of widespread
spying by the U.S. National Security Agency last year.
At a company event in November showcasing Orange's
innovations, Richard signed a charter on data protection in
which Orange pledged to always keep its customers' information
safe, among other engagements.
In February, Orange revealed that some 800,000 people had
their emails, passwords, addresses and phone numbers stolen from
its customer website.
Orange, which is Europe's fourth-biggest telecom group by
sales, saw its shares slip 0.5 percent at 8:35 GMT, in line with
Europe's telecom index.
(Reporting by Leila Abboud and Jean-Baptiste Vey; Writing by
Brian Love; Editing by James Regan)