Eurofiber admits crooks swiped data from French unit after cyberattack
November 17, 2025
Eurofiber, a French B2B telecommunications provider, reported a data breach occurring on November 13, 2023, due to an exploited vulnerability in its ticket management platform. The incident affected its French operations but did not compromise sensitive data, and the company has since patched the vulnerability while implementing additional security measures.
On November 13, 2023, Eurofiber, a B2B wholesale telecommunications company based in France, confirmed a significant cyberattack that compromised data from its systems. The breach primarily affected its French operations, which included multiple brands such as Eurafibre, FullSave, Netiwan, and Avelia. In a formal disclosure, the company stated that cybercriminals had exploited a vulnerability within its ticket management platform to gain unauthorized access to stored data. However, Eurofiber clarified that sensitive information, including banking details, was not compromised during this incident. The internal vulnerability has since been addressed and patched by Eurofiber's technical teams.
While the company did not disclose the exact scale of the attack or the number of individuals affected, it confirmed that customers in neighboring countries like Belgium, Germany, and the Netherlands were not impacted. Eurofiber assessed the overall effect of the attack on its business operations as 'limited,' noting that customer-facing services remained fully operational throughout the entire episode. Nevertheless, the incident did disrupt some operational processes related to its indirect sales and wholesale partners.
In immediate response to the security breach, Eurofiber's IT staff, in concert with cybersecurity experts, swiftly implemented elevated security protocols on the attacked platforms, particularly the ticketing system and the ATE portal. Recognizing the critical nature of the attack, they also established further preventive measures to guard against future data breaches while strengthening overall system security.
The incident was reported to French cybersecurity agencies CNIL and ANSSI, raising concerns that the attack might have involved an extortion element, possibly indicating that the attackers were negotiating ransom for the stolen data. However, Eurofiber chose not to confirm whether any ransom payments were made in relation to the incident, opting instead to underscore its commitment to transparency and data protection.
Despite its operations in various European nations, Eurofiber is a smaller entity in the telecommunications sector compared to giants such as Orange and Bouygues. For context, the company reported total annual revenues of €308 million for 2023, which starkly contrasts with Orange's reported €9.9 billion in Q3 alone. This event marks a troubling trend within the B2B telecommunications sector, which has experienced a wave of similar cyberattacks impacting companies like Colt and ICUK in recent months.
These prior incidents highlight the precarious state of cybersecurity within the sector, as ICUK endured two days of DDoS attacks in early October, while Colt continued to address recovery protocols following a more extensive intrusion. Although there was no established link to ransomware in Colt's situation, many are left to wonder about the longer-term implications such assaults might carry for cybersecurity resilience within the telecommunications industry. As this incident unfolds, all eyes remain fixed on Eurofiber's follow-up actions and the broader lessons that can be gleaned to bolster defenses against increasingly sophisticated cyber threats.
