The recent leak of customer data at Free has prompted a reaction from UFC-Que Choisir, which is urging the operator to review its security systems and alerts the CNIL.
Last October, Free was the victim of a massive hack, causing the theft of personal data, and even banking information, of millions of customers. Alerted by many of the operator's subscribers, the consumer protection association has decided to hold Free to account and refer the matter to the National Commission for Information Technology and Civil Liberties (CNIL).
“Notwithstanding the ongoing investigation following this massive leak of Free customer data, I am already asking the CNIL to take all proportionate and dissuasive measures if any fault, negligence or failure of the operator is proven,” reacts Marie-Amandine Stévenin, president of UFC-Que Choisir.
Free in the sights of UFC-Que Choisir, and soon of the CNIL?
She points out that the data leak is striking due to the volume of people concerned (19 million Free subscribers), as well as the nature of some of the stolen information (5.1 million IBANs). UFC-Que Choisir points out that Free had already been pinned for a lack of security in the past, and that a sanction had already been imposed on it in 2022 for the same reason. The association believes that the “serious risks incurred by victimized consumers”, such as fraudulent withdrawals, phishing, or identity theft, constitute an aggravating factor.
Regarding phishing, a campaign has been identified. Free subscribers have been the target of an attempted scam for several weeks. Hackers are spoofing Amazon Prime and using leaked IBAN data to try to deceive users. This is a direct consequence of the data leak mentioned earlier.
“It is unacceptable that consumers are put at risk due to a leak of their data held by professionals”, adds Marie-Amandine Stévenin, who calls for a strengthening of security infrastructures. France is the European country most affected by data leaks in 2024. Worldwide, only the United States, Russia, and China are more attacked. Cybersecurity has become a priority in the CNIL program for the period 2025-2028.
0 Comments