Free, the second-largest internet service provider in France, has confirmed a significant data breach affecting approximately 19.2 million customers. The breach was reported to France's cyber agency after threat actors targeted a management tool to exfiltrate sensitive user data, including over 5.11 million IBAN numbers, email addresses, and phone numbers.
Despite the scale of the breach, Free has assured that no passwords or bank card details were compromised, and their services remained operational. The company is in the process of notifying affected customers via email, emphasizing that while the leaked IBAN numbers pose limited risk for direct financial theft, individuals should remain vigilant against potential phishing attacks.
The incident highlights the growing trend of cyberattacks targeting large service providers, as seen in a similar breach at SFR, the third-largest telecommunications company in France. As cybercriminals increasingly exploit vulnerabilities in major systems, consumers worldwide must be aware of the risks associated with their personal data.