French telecommunications giant Bouygues Telecom has confirmed it was the target of a significant cyberattack, resulting in a data breach that affects 6.4 million of its customer accounts. The company, which is France’s third-largest mobile operator, announced the incident, adding to a series of recent cybersecurity challenges for the nation’s critical infrastructure.
According to a corporate statement, the attack resulted in unauthorized access to a substantial trove of personal customer data. While Bouygues has not disclosed the specific nature or methodology of the cyberattack, it confirmed that the stolen information includes customers’ contact details, contractual data, civil status (or company information for professional accounts), and International Bank Account Numbers (IBANs).
The breach was reportedly detected by the company on August 4, 2025. In response, Bouygues stated that its technical teams acted swiftly to resolve the situation and that “all necessary measures were put in place.” The company is in the process of notifying all affected individuals via email or text message and has assured them of its full support.
In compliance with regulations, a formal report on the Bouygues data breach has been filed with France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), and a legal complaint has been submitted to the appropriate judicial authorities.
This incident follows closely on the heels of a separate cyberattack targeting Orange, France’s largest telecom provider, just last week. While Orange reported service disruptions, it did not confirm a breach of customer data.
The back-to-back attacks on two of the country’s most prominent telecom operators underscore warnings from the French National Agency for the Security of Information Systems (ANSSI). In its annual review, ANSSI highlighted the growing threat of state-sponsored cyberattacks targeting the French telecommunications sector for espionage purposes. The agency’s report detailed multiple past compromises, including a sophisticated intrusion into a mobile network core by a suspected state-sponsored actor with the intent to intercept the communications of specific individuals.
