Bouygues Telecom warns it suffered a data breach after the personal information of 6.4 million customers was exposed in a cyberattack.
The company is one of the largest telecommunication service providers in France, offering mobile, internet, and IPTV services. Bouygues Telecom has 14.5 million mobile subscribers, 9,000 employees, and an annual revenue of €56.8 billion ($66B).
Bouygues Telecom confirmed in a FAQ and a press statement that the attack occurred last Sunday, August 4, 2025.
Although Bouygues Telecom says that there has been no impact observed on customer services or networks, the personal data of 6.4 million customers was compromised.
“Bouygues Telecom was the victim of a cyberattack that allowed unauthorized access to certain personal data from 6.4 million customer account,” reads the translated press statement.
“The situation was resolved as quickly as possible by Bouygues Telecom’s technical teams, and all necessary additional measures have been implemented.”
A previous statement says that internal investigations confirmed that the attack was orchestrated by a ‘known cybercriminal group’ that targeted ‘specific internal resources.’
The firm informed the French National Cybersecurity Agency (ANSSI) and the CNIL (French data protection authority) accordingly, noting that the perpetrator could face up to 5 years of imprisonment and a €150,000 fine for this attack.
According to the FAQ, the following customer information was stolen:
- Contact details
- Contract information
- Civil status data
- Company details (for business customers)
- International Bank Account Numbers (IBANs)
Importantly, the company said that no credit card numbers or Bouygues Telecom account passwords were compromised.
The company has now blocked the attacker’s access to its network, increased monitoring, and implemented additional security measures.
Customers are being informed of the breach directly via SMS and email, but the situation has exposed them to fraud and phishing risks.
Bouygues Telecom urges its customers not to give away sensitive information like their login credentials to people calling them and mentioning their name and account number to gain their trust.
Although the leaked IBANs are not enough for initial transfers, impacted individuals are still advised to regularly check their debits and contact their bank immediately if they notice suspicious activity.
Just last week, another French telecommunications giant, Orange, disclosed a similar network breach that occurred on July 25, 2025.
Investigations to determine whether customer data was stolen are still ongoing, and the company has not published an update on this.
These incidents targeting European telecom providers echo similar attacks against U.S.-based telcos, attributed to Chinese cyber-espionage agents of the Salt Typhoon hacking group.
BleepingComputer contacted Bouygues Teleco with questions about the attack and will update the story if we receive a response.
Red Report 2025: Analyzing the Top ATT&CK Techniques Used by 93% of Malware
Malware targeting password stores surged 3X as attackers executed stealthy Perfect Heist scenarios, infiltrating and exploiting critical systems.
Discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
Related Articles:
Air France and KLM disclose data breaches impacting customers
Cisco discloses data breach impacting Cisco.com user accounts
Google suffers data breach in ongoing Salesforce data theft attacks
Pandora confirms data breach amid ongoing Salesforce data theft attacks
PBS confirms data breach after employee info leaked on Discord servers