Looks like it's open season; that's four data breaches reported just today.
I'd go back to paper billing if my data weren't held in the same database reachable from the Internet for everyone who uses online billing.
The French data protection regulator, CNIL, today issued a collective €42 million ($48.9 million) fine to two French telecom companies for GDPR violations stemming from a data breach. Free and Free Mobile are two separate businesses, respectively overseeing fixed-line and mobile services, owned by Iliad Group. The fines relate …
This is crazy, the fine amounts to only 0.42% of turnover (11.4% of profit) and is barely above the 20 million max they'd have to pay if 4% of their turnover were less than that. I also wouldn't be surprised if they contest this and it ends up being reduced to an even lower amount. One wonders just how egregiously a company has to fuck up to actually get a fine of 4%.
Yeah, I got my initial math wrong and thought they had indeed been hit with a 4% fine, which I believe would have been a first for GDPR fines.
That said, the leaked data was not considered sensitive as per GDPR criteria (even bank details are not), so it was probably a mitigating factor, because they have no excuses for poor security measures and late notification.
And this leak is actively exploited. I've received quite a few targeted phishing emails since, using my actual bank's logo, or from "Prime Video", including my full name, address and bank information. The only revealing detail was the bogus sending email address, a technical detail which many MUAs hide.
I'm sure it comes from that leak as they're using the unique email address I created for Free.
Free is generally less bad than the others but they really fucked this one up.