Bouygues Telecom, France’s third-largest mobile carrier, has confirmed a major cyberattack that exposed personal data from 6.4 million customer accounts, and in a strange twist, appears to be hiding its breach disclosure from search engines.
According to a statement posted on its website, the company said it detected the attack on August 4, but did not specify how long attackers had access or when the breach was fully contained.
- Here is what was exposed:
- Contact info
- Contractual data
- Civil status (or company details if it’s a business account) IBANs (International Bank Account Numbers)
Bouygues, which serves nearly 27 million mobile customers, reported the breach to France’s data protection watchdog, CNIL. But if you are trying to search for the announcement online, good luck; the page about the cyberattack contains a hidden “noindex” tag in the code. That tag tells Google and other search engines not to list the page, making it nearly impossible to find unless you already have the link.
Related: Orange Grapples With Cyber Attack Months After Massive Data Leak.
Why hide a public notice about a data breach that affects millions? Great question. The company has not explained. A spokesperson also didn’t respond to requests for more info on what happened, how long the breach lasted, or why it’s obscuring the very page meant to inform victims.
The breach comes just days after Orange, France’s largest telecom provider, confirmed its cyberattack on July 29, warning customers to expect service disruptions while it isolated affected systems. Orange serves a massive 290 million+ customers worldwide.
That is now two major French telecoms hit in a span of one week. Should telecoms be allowed to downplay breaches when they hold this much of the internet’s plumbing?
