Dark Web News Analysis
A major data breach involving SFR (sfr.fr), one of France’s leading telecommunications providers, has been reported on the dark web. A threat actor on a hacker forum is selling a database purportedly containing 150,000 records.
The compromised dataset is financially sensitive, containing IBANs (International Bank Account Numbers) and BIC Codes. Alongside banking details, the leak includes extensive Personally Identifiable Information (PII) such as Full Names, Email Addresses, Phone Numbers, Dates of Birth, and Physical Addresses. The attacker is actively soliciting requests for additional, unreleased databases, suggesting this may be part of a broader exfiltration campaign.
Key Cybersecurity Insights
Breaches involving IBANs and telecom data create a specific set of high-impact financial risks:
- SEPA Direct Debit Fraud: The exposure of 150,000 IBANs is the most critical aspect. In the Eurozone, a known IBAN can be used to set up fraudulent SEPA Direct Debit mandates. Criminals can use these numbers to pay for subscription services or utility bills elsewhere, draining the victim’s account until the unauthorized charges are noticed.
- SIM Swapping & Vishing: With access to Phone Numbers and Dates of Birth, attackers have the “security answers” needed to impersonate customers. They can call SFR support to request a “SIM Swap,” hijacking the victim’s phone number to bypass 2FA on banking apps.
- “Fullz” Identity Theft: The combination of a physical address, DOB, and bank details is often referred to as “Fullz.” This data allows criminals to open credit lines, take out loans, or register new contracts in the victim’s name.
- Trust-Based Phishing: Customers should expect calls or emails posing as SFR Billing Support. Attackers might say, “Your latest payment failed due to an IBAN error, please click here to update your details,” using the leaked data to legitimize the scam.
Mitigation Strategies
To protect customers and mitigate financial loss, the following strategies are recommended:
- Bank Account Monitoring: Affected customers must monitor their bank statements weekly for unauthorized Direct Debits. Under SEPA rules, customers have 13 months to contest an unauthorized debit, but early detection is key.
- Phishing Vigilance: SFR will never ask for your password or full credit card number via SMS. Treat any urgent SMS regarding “unpaid bills” as a scam.
- CNIL Notification: As a major breach of French citizens’ financial data, SFR is likely required to notify the CNIL and the affected individuals immediately under GDPR.
- Carrier PIN: Customers should contact SFR to set up a specific “Carrier PIN” or passcode that is required before any changes (like SIM swaps) can be made to their account.
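The bank account monitoring step above can be partly automated. The following is an added example, not code from Brinztech or SFR: it flags SEPA direct debits whose creditor identifier and mandate reference pair was never authorized, and computes the 13-month contest deadline, counted here from the debit date. The CSV layout, identifiers and names are constructed assumptions; real bank exports differ.

```python
import calendar
import csv
import io
from datetime import date

# Constructed statement export; the CSV layout is an assumption, real bank exports differ.
SAMPLE_STATEMENT = """date,type,creditor_id,mandate_ref,creditor_name,amount
2025-01-05,SEPA_DD,FR00ZZZ000001,MANDATE-TELCO-01,Example Telecom,-39.99
2025-01-07,CARD,,,Example Grocery,-54.10
2025-01-12,SEPA_DD,FR00ZZZ000002,MANDATE-POWER-01,Example Energy,-72.00
2025-01-31,SEPA_DD,DE00ZZZ000009,SUB-778812,Unknown Streaming,-14.99
2025-02-03,SEPA_DD,FR00ZZZ000001,MANDATE-TELCO-99,Example Telecom,-39.99
"""

# Mandates the account holder actually signed: (creditor identifier, mandate reference).
KNOWN_MANDATES = {
    ("FR00ZZZ000001", "MANDATE-TELCO-01"),
    ("FR00ZZZ000002", "MANDATE-POWER-01"),
}
CONTEST_WINDOW_MONTHS = 13  # contest period for unauthorized debits, as stated above

def add_months(d, months):
    """Shift a date by whole months, clamping the day to the target month's length."""
    year, month0 = divmod(d.year * 12 + d.month - 1 + months, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return date(year, month0 + 1, min(d.day, last_day))

def find_unknown_debits(statement_csv, known_mandates):
    """Return direct debits whose creditor/mandate pair was never authorized."""
    known_creditors = {creditor for creditor, _ in known_mandates}
    findings = []
    for row in csv.DictReader(io.StringIO(statement_csv)):
        if row["type"] != "SEPA_DD":
            continue  # only direct debits are pulled by a third party using the IBAN
        if (row["creditor_id"], row["mandate_ref"]) in known_mandates:
            continue
        reason = ("unknown mandate for known creditor"
                  if row["creditor_id"] in known_creditors else "unknown creditor")
        debit_date = date.fromisoformat(row["date"])
        findings.append({
            "date": debit_date,
            "creditor_name": row["creditor_name"],
            "amount": float(row["amount"]),
            "reason": reason,
            "contest_by": add_months(debit_date, CONTEST_WINDOW_MONTHS),
        })
    return findings

if __name__ == "__main__":
    print(*find_unknown_debits(SAMPLE_STATEMENT, KNOWN_MANDATES), sep="\n")
```

A new mandate reference under a known creditor is flagged for review instead of being trusted, since a legitimate creditor name on the statement does not prove the mandate is the one the customer signed.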
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com