Eurofiber France Data Breach Exposes Sensitive Client Information
On November 13, 2025, Eurofiber France, a prominent provider of digital infrastructure services, identified a significant cybersecurity incident. Attackers exploited a vulnerability in the company’s ticket management platform, leading to unauthorized access and data exfiltration. This breach also impacted the ATE customer portal, associated with Eurofiber’s cloud division, Eurofiber Cloud Infra France.
Scope of the Breach
The cyberattack specifically targeted Eurofiber France and its regional brands, including Eurafibre, FullSave, Netiwan, and Avelia. The compromised systems contained sensitive customer data, though the company has assured that banking details and other critical information remained secure, as they were stored in separate, unaffected systems. Eurofiber’s operations in Belgium, Germany, and the Netherlands were not impacted by this incident.
Details of the Attack
A threat actor known as ByteToBreach has claimed responsibility for the attack. The attacker reportedly exploited a vulnerability in Eurofiber’s GLPI (Gestionnaire Libre de Parc Informatique) system, an open-source IT asset management tool. By executing a time-based SQL injection attack on an outdated version of GLPI, the attacker was able to extract approximately 10,000 password hashes over a ten-day period. This method allowed the attacker to gain access to a wealth of sensitive information, including:
– SSH private keys
– VPN configurations
– Administrator API and application keys
– Source code and SQL backups
– Internal client support tickets and messages
The compromised data reportedly affects over 3,600 clients, encompassing a range of sectors such as government, defense, telecommunications, finance, healthcare, and retail. Notable organizations potentially impacted include Airbus, Thales, the French Ministry of Interior, Orange Telecom, AXA Group, and Decathlon.
Eurofiber’s Response
Upon detecting the breach, Eurofiber France acted swiftly to secure the affected systems. The company patched the exploited vulnerability and implemented enhanced security measures to prevent further unauthorized access. Eurofiber has reported the incident to the French Data Protection Authority (CNIL) and the National Cybersecurity Agency of France (ANSSI). Additionally, a police report has been filed for extortion, indicating that the attackers may have attempted to demand payment or threaten further action.
Implications and Recommendations
This incident underscores the critical importance of maintaining up-to-date software and robust security protocols. Organizations utilizing GLPI or similar IT management tools should ensure they are running the latest versions and have applied all relevant security patches. It is also advisable to conduct regular security audits and vulnerability assessments to identify and mitigate potential risks.
Clients potentially affected by this breach should take immediate steps to secure their systems. This includes rotating credentials, monitoring for unauthorized access, and reviewing security policies and procedures. Given the sensitive nature of the compromised data, affected organizations should also consider engaging with cybersecurity professionals to assess and address any potential vulnerabilities.
Conclusion
The Eurofiber France data breach serves as a stark reminder of the ever-present threats in the digital landscape. Organizations must remain vigilant, continuously updating and strengthening their security measures to protect against evolving cyber threats. Transparency and prompt action in the face of such incidents are crucial to maintaining trust and safeguarding sensitive information.
