Orange Romania, the country’s largest telecommunications provider, has been hit by another major cyberattack. A group of hackers, linked to the Babuk cybercrime network, claims to have breached the company’s systems on March 17. This attack comes just weeks after a previous security breach on February 23.
The hackers allege they have stolen 4.5 terabytes (TB) of sensitive data. This makes the attack far larger than the February breach, which involved 6.5 gigabytes (GB) of information. To put this into perspective, 1TB equals around 1,000GB. This means the recent attack potentially stole nearly 700 times more data than the first one.
According to the cybercriminals, the stolen information includes email addresses, customer records, source code, invoices, contracts, projects, employee data, messages, call logs, and credit card details.
To make matters worse, the hackers are threatening to release 1TB of this data online unless Orange negotiates with them. However, the telecom company says it has not received any ransom demands or communication from the attackers.
What the Hackers Claim to Have Stolen
The Babuk ransomware group claims that the March 17 attack gave them access to all information related to Orange Romania’s local and international platforms. This includes orange.com and orange.ro.
The hackers allege they now control a massive collection of highly detailed information. This includes customer data such as names, addresses, phone numbers, call logs, and possibly payment details. They also claim to have stolen employee information, including internal messages, work records, and other private data.
Additionally, the breach reportedly includes company documents like source code, internal reports, project details, and sensitive contracts. The stolen data also contains financial records, including invoices, bank details, and possibly credit card information.
This treasure trove of sensitive data is highly valuable to criminals. They can sell it on the dark web or use it for identity theft, financial fraud, and phishing scams.
The hackers have threatened to release 1TB of this data online if Orange Romania refuses to negotiate. This could expose millions of customers and employees to serious privacy risks.
Orange Romania’s Response and the Growing Threat of Babuk
Despite the hackers’ claims, Orange Romania says it has not been contacted by the attackers. The company is monitoring the situation alongside the National Cybersecurity Directorate (DNSC) and the broader Orange Group.
Orange officials confirmed their experts have analyzed the sample files shared by the hackers. According to the company, the leaked files appear to be from the February 23 attack. However, Babuk insists the March 17 breach involved a far larger data haul, which they now hold as leverage.
Babuk is a notorious cybercrime network that first appeared in 2020. It specializes in ransomware attacks, where criminals steal data and demand payment in exchange for not publishing it. Babuk was inactive for nearly a year but resurfaced in January 2025, launching a wave of attacks. Since then, the group claims to have targeted around 60 large companies.
Cybersecurity experts say other major ransomware gangs, including Evil Corp, which has ties to Russian cybercriminals, are linked to Babuk. These groups launch large-scale attacks on corporations, demand hefty ransoms, and threaten to leak sensitive data.
Orange, which operates in 26 countries and serves around 287 million customers, is a prime target due to its massive customer base. In Romania, Orange has nearly 10 million customers, making the breach particularly significant.
As the investigation continues, cybersecurity experts are working to assess the damage. Meanwhile, authorities urge customers to stay vigilant, monitor their accounts for suspicious activity, and be cautious of potential phishing scams.