Key Takeaways
- Ethical hacker Inti De Ceukelaire has filed a formal complaint against Orange Belgium with the Belgian Data Protection Authority.
- The complaint follows the recent data breach that exposed the details of 850,000 customers, including SIM card numbers and PUK codes.
- De Ceukelaire alleges a lack of transparency from the company, pointing to inconsistent public statements about whether the stolen data has been distributed online.
- The stated goal of the complaint is to force “complete transparency” about the incident and how customer data was handled.
Ethical Hacker Challenges Orange Belgium’s Breach Response
In the wake of a major data breach at Orange Belgium, ethical hacker Inti De Ceukelaire has filed an official complaint with Belgium’s Data Protection Authority, stating the telecom provider “has shown it cannot be trusted.” The complaint seeks to compel the company to provide “complete transparency” about the cyberattack that occurred in late July.
This action is a direct follow-up to the breach disclosed by Orange Belgium on Wednesday, which impacted approximately 850,000 customer accounts. As we previously reported, the stolen data included a dangerous combination of information—names, phone numbers, SIM card numbers, and PUK codes—creating a perfect toolkit for criminals to conduct sophisticated SIM swapping attacks.
Inconsistent Statements Raise Questions About Transparency
De Ceukelaire’s complaint centers on the company’s shifting public statements. He pointed out inconsistencies in how Orange Belgium communicated the status of the stolen data:
- Initial Statement: The company first claimed—in a communication archived online—that there was “no evidence” the stolen data had been distributed by the attackers.
- Revised Statement: This sentence was later removed from the company’s public notification before being replaced with a more cautiously worded update: “To date, we have found no indications that this data has been distributed.”
An Orange Belgium spokesperson stated the change was made to provide clarification during an ongoing investigation. However, the subtle but significant change in wording is at the heart of the transparency concerns. A claim of “no evidence” can be interpreted as a strong, definitive statement, whereas “no indications to date” is a much weaker, open-ended phrase that acknowledges the possibility of future discovery. This change has fueled concerns that the company is not being fully transparent with its affected customers.
Key Cybersecurity Implications
- The Importance of Clear and Consistent Incident Communication: This incident is a textbook example of why crisis communication is a critical pillar of incident response. In the aftermath of a breach, inconsistent or changing statements, even if well-intentioned, can severely damage customer trust and attract additional regulatory scrutiny. A clear, consistent, and transparent communication plan is vital.
- The Role of Ethical Hackers in Corporate Accountability: This event highlights the important role the independent security community plays in holding companies accountable. By filing a formal complaint, the ethical hacker is using official channels to push for a higher standard of transparency and response, which ultimately benefits all consumers.
- The Underlying Risk Remains Severe: Regardless of the communication issues, the fundamental threat remains unchanged. The highly sensitive data of 850,000 customers is in the hands of a malicious actor. All affected individuals must remain on maximum alert for the signs of SIM swapping attacks and sophisticated phishing campaigns.