🚨 Orange Belgium Hack 2025: 850,000 Customers Impacted in SIM Data Breach – Protect Yourself

TL;DR (Article Summary)

Orange Belgium confirms a data breach affecting 850,000 customers.
Stolen data: names, phone numbers, SIM numbers, PUK codes, tariff plans.
Not stolen: passwords, emails, home addresses, or banking details.
Orange Belgium has contained the breach, notified authorities, and reinforced systems.
Customers at risk of SIM swap fraud, phishing, and impersonation.
Orange has set up a dedicated hotline: 02/431 96 16.
Protect yourself: switch to app-based 2FA, watch for scam texts/calls, and monitor accounts.

📌 What Happened?

At the end of July, Orange Belgium detected a cyberattack on one of its IT systems. Hackers gained unauthorized access to customer account data from approximately 850,000 customers.

Data Stolen

First and last names
Telephone numbers
SIM card numbers
PUK codes (used to unlock SIMs)
Tariff plans

Data Not Stolen

Passwords
Email addresses
Home addresses
Bank details

👉 Orange says there is no evidence that the stolen data has been shared or leaked online as of August 21.

🛡️ What Orange Has Done

Orange Belgium states it took the following steps immediately after discovering the attack:

Blocked access to the compromised system
Secured systems with extra safeguards
Conducted a full analysis to identify affected customers
Confirmed that no other customer or internal data was consulted
Contacted and cooperated with Belgian authorities
Notifying affected customers via SMS or email

Orange has also provided a dedicated hotline (02/431 96 16, free from Orange mobiles) for customers seeking more information.

🎭 What Scammers Could Do With This Data

1. SIM Swap Fraud

Criminals could use SIM and PUK data to attempt to hijack numbers and intercept 2FA codes.

2. Targeted Phishing / Smishing

Scam texts could use your name and plan details to appear authentic. Example: “Your Orange SIM is at risk—click here to secure it.”

3. Social Engineering Calls

Fraudsters may impersonate Orange support using real customer info.

4. Account Misuse

With enough detail, criminals could request device upgrades, plan changes, or replacement SIMs under your name.

🔒 How to Protect Yourself Now

Be cautious of unexpected texts and calls
- Orange will never ask for banking details or passwords via SMS.
Switch to app-based 2FA
- Use Google Authenticator, Authy, or Microsoft Authenticator instead of SMS codes.
Monitor your accounts closely
- Set alerts for suspicious activity.
- Report sudden loss of service immediately—it could mean a SIM swap.
Contact Orange if concerned
- Call 02/431 96 16 for support.
- Ask about extra account security (e.g., requiring ID verification for changes).

📢 Final Thoughts

Orange Belgium emphasizes that no sensitive financial or login data was stolen. However, the exposed SIM, PUK, and identity-linked details still carry serious fraud risks.

By staying alert to fake SMS messages, phone calls, and SIM activity, switching to app-based authentication, and using Orange’s hotline if needed, customers can reduce their risk.

Frequently Asked Questions

Last updated: August 21, 2025 • Orange Belgium states there is no evidence the accessed data has been disseminated. Dedicated hotline: 02/431 96 16.

What are the risks with this data?

Primary risks include phishing/smishing, impersonation, and SIM-swap fraud using your name, number, SIM number, PUK code, and plan details to bypass checks or tailor scams.

Why did I get a text message when a family member didn’t?

Orange contacts the accounts identified as impacted. If you're unsure, sign in to your official Orange account or call 02/431 96 16.

What is phishing?

Phishing (email) and smishing (SMS) are messages that pretend to be from a trusted company to make you click a link, share credentials, or pay money. They often use urgent language and realistic branding.

How can I protect myself against phishing?

Don’t click links in unexpected texts/emails—navigate to Orange via your browser or official app.
Never share passwords, banking details, or one-time codes over SMS/call.
Enable app-based 2FA (e.g., Google/Microsoft Authenticator, Authy) instead of SMS.
Report suspicious messages to your provider and delete them.

How do I recognize an official message from Orange?

Official messages won’t ask for passwords or banking info. Check the sender domain, avoid shortened/odd links, and verify any alert inside your My Orange account/app or by calling 02/431 96 16.

Will my services be interrupted?

No. Your service should continue normally. If you suddenly lose mobile service, contact Orange immediately—it could indicate a SIM-swap attempt.

How can I contribute to the protection of my data?

Set a strong phone/SIM PIN and keep your PUK private.
Switch critical accounts to app-based 2FA.
Keep your device OS and apps updated.
Ask Orange to add extra verification before account or SIM changes.

How can I reset my password?

Use the official My Orange login page/app and choose “Forgot password.” Create a unique passphrase and avoid SMS codes by enabling an authenticator app where available.

What is a PUK code?

A PUK (Personal Unblocking Key) unlocks your SIM after too many wrong PIN attempts. Keep it confidential. If you suspect misuse, contact Orange; you may request additional safeguards or a SIM replacement.

Is there financial compensation provided?

As of August 21, 2025, Orange has not announced compensation details. Monitor the official page for updates and retain any related communications.

Can someone request a replacement SIM in my name with this data?

Orange states it has additional protections in place. Ask support to add extra verification on your account, and contact them immediately if you notice any service interruption or SIM-related alerts.

Any other questions about the security of your data?

Call Orange’s dedicated hotline: 02/431 96 16. See the official page for updates: orange.be/nl/belangrijke-informatie.