PARIS, May 7 (Reuters) - French telecoms group Orange said around 1.3 million users of its online portal fell victim to a theft of personal data, including telephone numbers, dates of birth and email addresses, last month.
It is the second breach in three months for Orange, and comes at a time of intense scrutiny of companies’ cyber-defences after a massive hack at U.S. retailer Target and the discovery of the “Heartbleed” bug that exposed weaknesses in a commonly used web encyption programme.
In mid-April, hackers accessed a software platform that Orange used to send promotional emails and text messages to people who had agreed to receive them.
All the people affected were informed, the group said, and were warned to look out for ‘phishing’ attacks where hackers send emails disguised as requests from legitimate companies to fool people into handing over more personal data.
No payment information or credit card numbers were stolen from Orange, making the breach less serious than the one at Target, in which 40 million credit card details were taken and the chief executive was later dismissed.
But the intrusion at Orange is embarassing for its Chief Executive Stephane Richard because he has cast the company as a guardian of its customers data after revelations of widespread spying by the U.S. National Security Agency last year.
At a company event in November showcasing Orange’s innovations, Richard signed a charter on data protection in which Orange pledged to always keep its customers’ information safe, among other engagements.
In February, Orange revealed that some 800,000 people had their emails, passwords, addresses and phone numbers stolen from its customer website.
Orange, which is Europe’s fourth-biggest telecom group by sales, saw its shares slip 0.5 percent at 8:35 GMT, in line with Europe’s telecom index. (Reporting by Leila Abboud and Jean-Baptiste Vey; Writing by Brian Love; Editing by James Regan)