Eurofiber France Discloses Data Breach After Hacker Attempts to Sell Stolen Customer Information

In a concerning development for European digital infrastructure, Eurofiber France has disclosed a data breach discovered late last week, triggered by a hacker's attempt to sell stolen customer data on underground forums. The incident, which targeted the company's ticket management system, highlights the persistent risks facing telecommunications providers that serve business and government clients.

Breach Details and Company Response

Eurofiber France SAS, part of the Eurofiber Group N.V., operates an extensive 76,000 km fiber network across the Netherlands, Belgium, France, and Germany, focusing on business-oriented digital infrastructure rather than consumer services. The breach was limited to the French division, including its cloud services via the ATE portal and subsidiaries like Eurafibre, FullSave, Netiwan, and Avelia. According to the company's press release, the impact on indirect sales and wholesale partners remains minimal, as these entities use separate systems.

Upon detection, Eurofiber France swiftly enhanced security on the ticketing platform and ATE portal, patched the exploited vulnerability, and implemented additional measures to prevent further leaks. While the company assured that no banking details or other critical data from separate systems were compromised, it has not detailed the exact nature of the stolen information beyond committing to notify affected customers.

Threat Actor's Claims Raise Alarm

The breach came to light publicly when a threat actor known as 'ByteToBreach' boasted on a data leak forum about the intrusion. The hacker alleged stealing data from 10,000 businesses and government entities—clients of Eurofiber—who had uploaded materials to the ticketing system. This purported haul includes screenshots, VPN configuration files, credentials, source code, certificates, archives, email account files, and SQL backup files, representing a treasure trove of sensitive information that could fuel further cyberattacks.

BleepingComputer, which first reported the threat actor's claims, sought clarification from Eurofiber France on the data types exposed, customer count affected, and the specific software vulnerability involved, but responses were pending at the time of the announcement. The company has reported the incident to France's data protection agency (CNIL) and cybersecurity authority (ANSSI), and filed an extortion complaint, as the hacker demanded payment to withhold the data.

Broader Implications for Telecom Security

This incident echoes recent breaches in the French telecom sector, such as Bouygues Telecom's exposure of 6.4 million customers' personal data in August and Orange France's network compromise in July 2025, where data theft remains unconfirmed. For developers and IT leaders relying on such infrastructure providers, the event serves as a stark reminder of the supply chain risks in support systems like ticketing platforms, which often handle proprietary configurations and code.

The potential exfiltration of VPN credentials, source code, and database backups could enable targeted phishing, ransomware, or intellectual property theft, amplifying threats across interconnected business ecosystems. As Eurofiber fortifies its defenses, the telecom industry must prioritize vulnerability management in ancillary tools, ensuring that the backbone of Europe's digital economy remains resilient against evolving cyber threats.

Source: BleepingComputer