Security incident affecting Orange customers

The OSI internet security office is warning Orange mobile phone customers that the company has reported that one of its suppliers has been the victim of a security incident, giving rise to unauthorised access to its systems. This has caused sensitive information (name, surnames, postal address, telephone, email, DNI, date of birth, nationality and the IBAN code of the current account) of some of its clients to be exposed.

If you have received the communication from the affected company, OSI advise you to be especially careful in the coming months with emails, messages or calls of which you cannot confirm their origin or sender, especially messages that request bank information or credentials. These messages could be fraudulent.

In addition, you must be aware and regularly monitor what information circulates about you on the Internet to detect if your private data is being used without your consent. Practicing egosurfing will allow you to control what information there is about you online. If after searching for your personal information you find any data that you do not like or that is being offered without your consent, exercise your rights. The Spanish Agency for Data Protection provides you with the guidelines on how to do it.

In case your bank details have been affected by the incident, check your latest bank movements. If you detect any unknown movement, contact your bank to take the appropriate measures.

If you have any doubts, consult directly with the entity involved, in this case Orange, or with trusted third parties, such as the State Security Forces and Bodies (FCSE) and the Internet Security Office (OSI) of INCIBE.

To mitigate the scope of the incident, the telephone operator immediately cut off access to the company’s systems as soon as they became aware of what had happened, and thus prevent the consequences from escalating. In addition, it has notified the Spanish Data Protection Agency and the Technological Investigation Brigade (BCIT) of the National Police.

According to the company, the consequences that access to this data can cause can be:

  • Receiving advertising without the consent of the victim.
  • Sale of personal data to third parties.
  • Being a victim of identity theft or fraud on behalf of the affected person.
  • Theft of money with the information obtained from your bank account.

Remember, always be wary of messages, emails, or other communications you were not expecting, and confirm they are genuine before acting on them. Do not click suspicious links or submit your personal details unless you can be absolutely sure that you are doing so to the correct and secure place.