History
2026: $42 million fine for data loss of 24 million subscribers due to hacker attack
On January 14, 2026, the French Information Protection Regulator (CNIL) fined the French telecommunications giant Groupe Iliad $42 million for critical vulnerabilities in the area of cyber security. These vulnerabilities allowed hackers to steal the data of 24 million subscribers.
According to a report by The Record, the penalty stems from a cyber attack carried out in October 2024. Hackers penetrated the information systems of two of the holding's subsidiaries: the telecommunications provider Free SAS and the mobile operator Free Mobile. As a result, they gained unauthorized access to customers' personal data, including international bank account numbers (IBAN).
During the investigation, the CNIL identified numerous violations of the requirements of the European Union's General Data Protection Regulation (GDPR). The agency noted a lack of security measures: a weak authentication procedure for connecting to the corporate VPN and the absence of effective systems for detecting suspicious activity.
The companies also breached their obligation to inform those affected. The notifications about the incident did not contain enough information for subscribers to understand the consequences of the leak and take measures to protect their confidential data. The regulator also noted that Free Mobile unnecessarily stored the data of former customers, creating additional risk.
The fine was split between the two companies: Free Mobile was fined €27 million ($31 million) and Free SAS €15 million ($17 million). CNIL attributed the amounts to the high sensitivity of the stolen data, the companies' strong financial performance and their "ignorance of the basic principles of security."
A spokesman for Groupe Iliad said the companies intend to appeal the decision to the French Council of State (the highest administrative court). The statement described the decision as being of "unprecedented severity" and the fines as "disproportionate" compared to other cyber attack cases.
In response to the incident, the companies have strengthened their security architecture since October 2024, tightened access controls and implemented advanced real-time monitoring. CNIL confirmed that the operators have taken corrective measures since the beginning of the investigation, and obliged them to continue working to improve data security.[1]

