In a significant cybersecurity incident, Bouygues Telecom, France’s third-largest mobile operator, has confirmed a data breach affecting 6.4 million customer accounts. The company detected the unauthorized access on August 4, 2025, and promptly initiated measures to contain the breach.
Details of the Breach
The compromised data includes customers’ contact information, contractual details, civil status (or company data for professional subscribers), and International Bank Account Numbers (IBANs). Bouygues Telecom, which serves approximately 26.9 million mobile customers, has not specified the exact duration of the breach before detection.
Company Response
Upon discovering the breach, Bouygues Telecom’s technical teams acted swiftly to resolve the issue and implement additional security measures. The company has notified France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), and has filed a complaint with judicial authorities. Affected customers have been or will be informed via email or text message.
Historical Context
This incident is not the first time Bouygues Telecom has faced data security challenges. In December 2018, the CNIL fined the company €250,000 for failing to protect the personal data of approximately two million customers. The previous breach involved a security vulnerability that exposed customer contracts and invoices online for over two years.
Industry Implications
The breach at Bouygues Telecom follows a similar incident at Orange, France’s largest telecom provider, which experienced a cyberattack on July 29, 2025. These consecutive breaches underscore the growing cybersecurity threats facing the telecommunications industry. The French cybersecurity agency ANSSI has previously warned about state-sponsored threats targeting the sector for espionage purposes.
Customer Guidance
Customers are advised to monitor their financial accounts for any unusual activity and to be cautious of potential phishing attempts. Bouygues Telecom has assured customers that it is taking all necessary steps to enhance security and prevent future incidents.
