
Introduction

In 2025, telecom operators have quietly become one of the most attractive targets for cybercriminals. Beyond offering internet and mobile services, they hold a treasure trove of sensitive data (phone numbers, addresses, SIM and PUK codes, and in some cases even login credentials) that can unlock a user’s digital life.

Two recent incidents, the Orange Belgium breach and the iiNet cyberattack in Australia, have underscored just how vulnerable the sector has become. Together, these breaches affected over 1.1 million customers across two continents, highlighting systemic risks that go far beyond any single operator.

Why Attackers Target Telecom Companies

Telecom providers sit at the center of our personal data and communication, which makes them a favorite target for hackers. In early 2025, cyberattacks on telecoms rose by 47%, making them the third most-attacked sector after education and government, according to coursera.org.

Here’s why criminals go after telecom companies:

  • Lots of customer data

    Names, addresses, IDs, billing info, SIM and PUK codes. Hackers can sell this or use it for identity theft.

  • Control of communication

    With SIM data or phone numbers, attackers can hijack calls or SMS codes, leading to account takeovers (SIM swap scams).

  • Massive impact

    One breach can leak data of millions, giving criminals a big pool of victims at once.

  • Old systems

    Many telcos still use outdated or unpatched systems, which are easier to hack.

  • High pressure to recover

    Telecom is critical infrastructure. Hackers know companies can’t afford downtime, so they may use stolen data for ransom or extortion.

In this blog, we will look at two major attacks, on Orange Belgium and iiNet, and see how these telecom companies handled the situation.

Case Study 1: Orange Belgium’s 850,000-Account Breach

Orange Belgium, a major telecom operator serving over 3 million customers in Belgium, revealed that it suffered a significant data breach in July 2025. Hackers gained unauthorized access to one of Orange’s IT systems containing customer account records.

According to the advisory from Orange Belgium, the company discovered a cyberattack at the end of July that gave hackers unauthorized access to data from around 850,000 customer accounts.

The company clarified that no critical data such as passwords, email addresses, or banking details was affected. However, the attackers did gain access to information like customer names, phone numbers, SIM card numbers, PUK codes, and tariff plan details.

Orange Belgium said that as soon as the incident was detected, their security teams blocked access to the compromised system and added extra protections. The company also reported the case to authorities and filed an official complaint.

Response and Impact

  • After detecting the attack, Orange Belgium immediately activated its incident response plan. The compromised IT system was quickly isolated and secured to prevent further unauthorized access.
  • The company also alerted law enforcement and regulators about the breach and went as far as filing an official complaint to push for an investigation against the attackers.
  • Around 850,000 impacted customers are being notified directly by email or SMS. Orange emphasized that customers should treat any unusual communication with caution.
  • The company reminded customers that it will never request passwords, banking information, or one-time codes over phone or text. Any such request should be considered fraudulent.

Case Study 2: iiNet (Australia) Cyberattack Exposes 280,000+ Records

iiNet, one of Australia’s well-known internet service providers and part of TPG Telecom, also fell victim to a major cyberattack in August 2025. The breach targeted the company’s order management system, which is used to handle customer broadband and service orders. Hackers gained entry using stolen employee login credentials, allowing them to access sensitive customer records.

Response and Impact

  • Once the breach was detected on August 16, 2025, iiNet’s parent company, TPG Telecom, activated its incident response plan. The compromised order management system was secured, and access for the attackers was cut off.
  • TPG brought in external cybersecurity experts to investigate the breach and assess the scale of the impact. They also worked closely with the Australian Cyber Security Centre, the National Office of Cyber Security, and the Privacy Commissioner.
  • The company confirmed that no financial data or identity documents were stored in the affected system. However, around 280,000 email addresses, 20,000 landline numbers, 10,000 customer records (with names, addresses, and phone numbers), and 1,700 modem setup passwords were stolen.
  • The company warned that the stolen data could be used to launch phishing campaigns, impersonation scams, or even attempts to access home networks using the leaked modem passwords. Customers were urged to remain alert for suspicious emails, texts, or calls claiming to be from iiNet.

Broader Impact on Consumers and Industry

  • Consumer Trust:

    High-profile breaches make customers nervous about whether their telecom provider can keep personal data safe. The fear of identity theft or account takeovers lingers long after the headlines fade.

  • Financial Services:

    Stolen SIM or PUK codes open the door to SIM-swap attacks, where criminals transfer a victim’s mobile number onto their own device. With that control, attackers can intercept one-time passwords (OTPs) used by banks, trading apps, and crypto wallets. This enables them to reset logins, bypass multi-factor authentication, and in some cases, empty accounts within minutes.

  • National Security:

    Telecom providers are not just service companies; they are pillars of a country’s critical infrastructure. A breach that compromises millions of records does more than expose customers; it shakes confidence in the reliability of national communications. Persistent attacks could be leveraged by hostile actors to monitor sensitive conversations, disrupt emergency networks, or create widespread service outages.

Lessons Learned

  1. Credential Security is Key

    Employee logins remain a common entry point for attackers. Stronger measures such as hardware-based MFA, strict access controls, and continuous monitoring are no longer optional.

  2. Detection Must Improve

    Both incidents raised questions about how long attackers roamed inside before being noticed. Faster anomaly detection and automated alerts could have limited the scope of these breaches.

  3. Customer Transparency Matters

    Orange Belgium and iiNet both went public quickly, sharing updates and warnings. Honest, timely communication is crucial to protect users and rebuild trust.
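
Lessons 1 and 2 can be combined into a single detection: an employee account that suddenly pulls a large volume of customer records, especially from a source address it has not used before, is what credential misuse against an order management system tends to look like in audit logs. The sketch below is an added example, not code from Orange Belgium, iiNet, or TPG Telecom; the log format, account names, addresses, and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit lines for a hypothetical order management system:
# timestamp, employee account, source IP, customer records returned.
SAMPLE_LOG = """\
2025-08-01T09:02:11 asmith 10.20.4.17 3
2025-08-01T09:40:52 asmith 10.20.4.17 5
2025-08-01T10:15:03 bjones 10.20.7.44 2
2025-08-02T09:05:30 asmith 10.20.4.17 4
2025-08-02T11:20:00 bjones 10.20.7.44 600
2025-08-03T02:13:09 asmith 203.0.113.50 450
2025-08-03T02:14:40 asmith 203.0.113.50 500
2025-08-03T02:16:02 asmith 203.0.113.50 480
"""

WINDOW = timedelta(minutes=10)     # sliding window for per-user read volume
MAX_RECORDS = 1000                 # assumed ceiling for records read per window
KNOWN_AFTER = timedelta(hours=24)  # an IP is "known" once first seen this long ago

def detect(log_text):
    """Return alerts for bulk reads, flagging those from a new source IP."""
    first_seen = defaultdict(dict)  # user -> {ip: first timestamp seen}
    recent = defaultdict(deque)     # user -> (timestamp, count) inside WINDOW
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, ip, count = line.split()
        ts, count = datetime.fromisoformat(ts_raw), int(count)
        # Lag the baseline so an attacker's own first requests do not
        # immediately turn their address into a "known" one.
        first = first_seen[user].setdefault(ip, ts)
        new_source = ts - first < KNOWN_AFTER
        window = recent[user]
        window.append((ts, count))
        while ts - window[0][0] > WINDOW:
            window.popleft()
        volume = sum(c for _, c in window)
        if volume > MAX_RECORDS:
            alerts.append({"time": ts_raw, "user": user, "ip": ip,
                           "records_in_window": volume, "new_source": new_source})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A bulk read from a long-known address still alerts, but with `new_source` set to false, so the two signals can be triaged at different severities.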

Conclusion

Telecoms must act decisively: stronger security, faster detection, and transparent communication are no longer optional. And for users, vigilance is the first line of defense. In today’s world, data is power, and in the wrong hands, it’s a weapon.

References

https://www.iinet.net.au/sites/iinet/files/2025-08/Media-statement_iiNet-cyber-incident.pdf

https://help.iinet.net.au/information-on-cyber-incident

https://corporate.orange.be/nl/node/57971