An Orange store / REUTERS

Orange in Spain hit by security breach which has exposed sensitive data of some customers

The incident, detected in a service provider of the telecoms multinational, has revealed the name, surnames, postal address, telephone, email, DNI/NIE numbers, date of birth, nationality and the IBAN code of the current account of some clients

MELCHOR SAIZ-PARDO MADRID.

A 'security incident' at an Orange 'debt collection' provider has exposed 'sensitive' information of some of its clients. The exact number of affected users has not been specified by the telecoms multinational, but it insisted that it is a "limited number." The company has, in a statement sent to its supposedly 'offending' subscribers, has warned that "part of the sensitive information to which it had access to carry out the customer management activity for which it was hired" has been leaked by the security breach.

Specifically, the name, surnames, postal address, telephone, email, DNI/NIE numbers, date of birth, nationality and the IBAN code of the current account of some of its clients have been exposed, as reported by a department of the Spanish National Cybersecurity Institute of the Ministry of Economic Affairs and Digital Transformation.

“From the moment the provider became aware of the incident, a plan was put in place to limit its scope, immediately proceeding to cut off access to our systems. However, some of your personal information could be affected”, reads the information sent by the company to a “limited group of clients”, who would be the victims of this leak and who have already been notified by SMS or email.

The multinational assured that it has already communicated the security breach to the Spanish Data Protection Agency, as well as to the Central Technological Investigation Brigade (BCIT) of the National Police.

Be vigilant

The Internet Security Office (OSI) has recommended to users who have been alerted by the company that "during the coming months be especially careful with emails, messages or calls of which you cannot confirm their origin or sender, especially messages requesting banking information or credentials.

In addition, it recommends those possible victims to "be vigilant and regularly monitor what information circulates about you on the Internet to detect if your private data is being used without your consent."

“In case your bank details have been affected by the incident, check your latest bank movements. If you detect any unknown movement, contact your bank to take the appropriate measures," the OSI has recommended to those affected by the data breach.