Regulator confirms the unauthorised access and the subsequent remedial measures
Orange Belgium is introducing new measures to protect customers from SIM swap fraud following a recent cyberattack that exposed sensitive customer data. The Belgian Institute for Postal Services and Telecommunications (BIPT) confirmed that attackers had gained unauthorised access to Orange’s IT systems, resulting in the theft of information including SIM card numbers and PUK codes.
The incident has raised concerns that criminals could exploit the stolen data to impersonate legitimate customers and request the transfer of phone numbers to SIM cards under their control. These attacks, known as SIM swapping, can allow fraudsters to intercept calls and text messages, including one-time verification codes used to reset passwords, access email or social media accounts, and even compromise online payment systems.
In response, Orange, working in consultation with the BIPT and other operators, has introduced an additional verification step when customers request to transfer their number to a different network. Under the new system, Orange will send a text message to the customer whenever such a request is received. If the customer did not initiate the transfer, they can reply “STOP” within eight hours, which will immediately cancel the request.
For private customers, the message will be sent from the number 5000, while business clients will receive it from 5995. The BIPT said it would monitor the implementation of the measure and adapt it if necessary.
The regulator also urged all telecom users in Belgium, regardless of operator, to remain alert to potential fraud attempts. It advised customers to strengthen online security with two-factor authentication, avoid sharing detailed personal information on social media and be wary of suspicious calls or messages.
The new protective measure comes just weeks after the breach was disclosed, highlighting the growing risks facing telecom operators and their customers. Cyberattacks targeting telecom networks are particularly sensitive because mobile numbers are widely used as a security credential for online services. Once criminals seize control of a number, they can inevitably use it as a gateway to wider identity theft.
