The orange operator has made known this Monday that one of your suppliers has suffered a security breach. As a result of the incident, which is being notified to customers by email and SMS, part of the sensitive information to which this company had access has been exposed.
These are names, surnames, postal addresses, telephone numbers, emails, identity document numbers, dates of birth, nationalities and IBAN codes. The provider had access to this data, according to Orange, “to carry out the customer management activity for which it was hired.”
An incident affecting some Orange customers
At the moment the origin of the problem that gave rise to the security incident is not publicly known. The operator, however, has indicated that since it became aware of it, it launched a plan to limit its scope, which included prevent the provider from accessing their systems.
In addition, the company explains, an action protocol was activated to urgently inform affected customers. In a gap document points out that “only certain personal data of those customers who have received communication regarding this incident by Orange would be affected”.
From the National Cybersecurity Institute (INCIBE) recommend that, in case of having received a communication from Orange, keep special caution with emails, messages or calls whose origin or sender cannot be confirmed, especially messages that request banking information or credentials.
On the other hand, they suggest practicing egosurfing to know what personal information may be circulating on the Internet and detect if there is private data that is being used without consent. They also recommend reviewing the latest bank movements and, in case of detecting an unknown movement, immediately contact the bank.
Regarding the consequences that the security breach can cause, Orange points out that, in the slightest case, they can receive advertising without their consent. But they also warn of greater risks that range from the sale of personal data to third parties to the identity fraud and scams on behalf of victims.
In response to the incident, the operator says that it has also notified the Central Technological Investigation Brigade (BCIT) of the National Police. For customers, they have also made available the toll-free number 900901564, which is open from 9 a.m. to 9 p.m. from Monday to Sunday, and the email [email protected] from the Office of the Data Protection Officer.
Another phone company has also been affected in recent weeks. Telefónica detected a security breach in its systems and notified users, also, by email. In this case, certain technical information on the equipment and Wi-Fi of Movistar and O2 clients was exposed.
Images: Orange
In Xataka: WhatsApp acquaintance scam: what it is, how it works and how to identify and avoid this scam