Dark Web News Analysis
Dark web news sources report a significant data breach involving Corse GSM, a regional telecommunications operator based in Corsica, France. A threat actor known as “Solonik” has released on a hacker forum a database allegedly containing approximately 65,000 client records.
The leaked dataset is reportedly available in JSON and CSV formats, making it easily parseable for automation. The compromised fields are highly sensitive, including Full Names, Phone Numbers, Email Addresses, Physical Addresses, and critical financial data such as IBANs and BIC codes. Additionally, the leak includes Contract Timestamps and internal company information, suggesting a deep extraction from the operator’s customer relationship management (CRM) or billing systems.
Key Cybersecurity Insights
Breaches of regional telecom providers are uniquely dangerous because they combine financial exposure with the potential for technical identity theft:
- SEPA Direct Debit Fraud: The exposure of IBAN and BIC codes is the most critical financial threat. In the Single Euro Payments Area (SEPA), malicious actors can use these banking coordinates to set up fraudulent direct debits (prélèvements) for subscriptions or purchases. Because the victim is a legitimate subscriber, small fraudulent charges may go unnoticed among regular bills.
- SIM Swapping & Port-Out Fraud: With access to Phone Numbers, Contract Timestamps, and Client Names, attackers have all the “knowledge-based authentication” answers needed to impersonate a customer. They can call support to request a SIM swap or port the number to a different carrier, hijacking the victim’s 2FA (Two-Factor Authentication) codes for banking and email.
- Regional Phishing Campaigns: Corse GSM is a trusted local brand. Attackers can use the Contract Timestamps to craft highly specific phishing emails: “Your contract from [Date] requires an urgent update to avoid suspension.” This level of personalization drastically increases the success rate of social engineering.
- GDPR & CNIL Violations: Because Corse GSM is a French entity, this breach triggers strict mandatory GDPR reporting to the CNIL. The leak of unmasked banking data (IBANs) is a severe violation that could lead to substantial regulatory fines for the operator.
Mitigation Strategies
To protect subscribers and the network, the following strategies are recommended:
- Bank Account Monitoring: Affected customers must be advised to monitor their bank statements specifically for unauthorized “Direct Debit” mandates. Under SEPA rules, unauthorized debits can be contested for up to 13 months, but early detection is vital.
- “Port-Out” PIN Security: Corse GSM should implement a temporary freeze on SIM swaps or require a physically verified ID in-store for any number transfer requests to prevent remote hijacking.
- Customer Notification: Send a verified SMS/Email notification to the 65,000 affected clients. Be transparent about the leaked IBANs so they can alert their banks.
- Credential Refresh: Force a password reset for the customer web portal. If the “Solonik” leak implies access to the web backend, current passwords should be considered compromised.