A ransomware group is linked to the Eurofiber breach that security experts believe exposed sensitive corporate data now circulating across darknet markets. The French telecommunications company Eurofiber has acknowledged a breach of its ATE customer platform and digital ticket system after a hacker accessed the network through software used by the company. Engineers detected the intrusion quickly and implemented containment measures, while the company stressed that services remained operational and banking data stayed secure. The incident affected only French operations and subsidiaries such as Netiwan, Eurafibre, Avelia, and FullSave, according to the firm. Security researchers instead argue that the scale is far broader.
International Cyber Digest reported that more than 3,600 organisations may be affected, including prominent French institutions such as Orange, Thales, the national rail operator, and major energy companies. The outlet linked the intrusion to the ransomware group ByteToBreach, which allegedly stole Eurofiber’s entire GLPI database and accessed API keys, internal messages, passwords and client records. A known dark web actor has now listed the stolen dataset for sale, reinforcing concerns about the growing trade in exposed corporate information. The contents reportedly range from files and personal data to cloud configurations and privileged credentials.
ByteToBreach is cited as the group behind the intrusion, allegedly accessing a wide array of sensitive data, including internal messages and client records.
Author's summary: Eurofiber faces a potentially broader impact than initially stated, with claims of thousands of affected organisations and stolen data circulating on dark web markets, underscoring rising risks to corporate information security.