
Information regarding the incident on September 4th 2022

 


On Sunday, September 4 at 6 pm, Orange Cyberdefense learned that a file containing the personal data of a few hundred Micro-SOC customers in France (full name, email address, phone number, function, company, and the services they have subscribed to) had been published on a specialized forum. Within the next two hours we set up a crisis unit and started investigating. Our priority was to protect our customers and our own information system. On the morning of the 5th we identified the source of the data, which was a portal using the Micro-SOC France service. We then took additional security measures to secure the service and to avoid any further potential leaks.

On the afternoon of the 5th, twenty hours after finding out about the incident, we contacted all affected customers by email. At the same time, their usual contact at Orange Cyberdefense called them individually. We explained everything we knew and reassured them on the following points:

  • that the service was operational and had not been interrupted or damaged
  • that there was no indication that their information systems had been compromised.

On the 5th and 6th, we also informed internal employees via line management. On the 7th, all employees in France received an email informing them about the incident, and on the 8th all employees outside France did too. At the same time, we responded to the press.

In parallel, Orange Cyberdefense contacted the relevant authorities, including the French data protection authority (CNIL), with a preliminary personal data breach report, and the National Cybersecurity Agency of France (ANSSI).

On the 9th, a publication was posted on the Orange Cyberdefense France and Global websites.

Two weeks after the incident, while the investigations continue, we can say at this stage:

  • that the incident only affected customers of the Micro-SOC France service,
  • that we have not detected any intrusions in our information system,
  • that the forensic analysis enabled us to establish that the source of the leak was a legitimate workstation with legitimate access credentials. We filed a complaint with the police.

We will of course share everything we learn about this incident once the investigations are concluded.
