Dutch Firm Eurofiber’s Data Breach Exposes French Customer Data on Darknet

Eurofiber reported that it suffered a cyber attack on its online customer platform, ATE, and ticket management system on Thursday, November 13, 2025. The company said a hacker accessed its network through an underlying software tool the company utilized before it exfiltrated data.

Eurofiber France Discloses Data Breach in Its Digital Systems

Eurofiber noted that the recent attack affected only Eurofiber France and other regional companies, including Netiwan, Eurafibre, Avelia, and FullSave.

The company said it quickly discovered and contained the attack, and its engineers immediately began monitoring the affected systems. Eurofiber said it is working with security professionals to assess the situation and improve security.

Also, the firm noted that it has begun implementing extra measures to prevent further network compromise and strengthen its system security.

Eurofiber said that the attack did not affect sensitive information such as banking details or crucial data stored in other online systems. It also stated that the threat actor did not disrupt its services, which remained fully operational throughout the incident.

On the contrary, external sources say that the attack is way larger than Eurofiber has mentioned on its official site. According to International Cyber Digest, probably over 3,600 victims were affected by the data breach.

As per the channel, the exposed list of victims includes prominent French institutions and firms, such as Orange, Thales, the French railways, TotalEnergies, and several large companies.

International Cyber Digest linked the hack to a ransomware actor, ByteToBreach, stating that the hacker stole the firm’s complete GLPI database. By doing this, the cybersecurity news channel believes that the threat actor accessed API keys, internal messages, passwords, tickets, and client data, and even admin-exclusive credentials.

The FD’s report revealed that the exposed data varied from files to personally identifiable data, such as names and credit card details, and even cloud configurations.

Dataset on the Darknet

As per the data from a known security expert, Dark Web Informer, the illicit actor published the stolen data for sale on the dark web. By doing this, the threat actor means to make a profit from the recent data breach escapade, a common goal in the thriving dark web data economy where stolen financial information commands high prices, as seen in the recent case of Stolen Korean credit card prices surge 168% on dark web markets.

On the contrary, the disclosure did not mention the parts of the stolen data that belonged to EuroFiber and the parts belonging to other sources.

The tech giant believes that the incident only affected its France operations, not its operations in the other European branches. Eurofiber responded to the Dutch news outlet FD when they wrote that Dutch customers can be assured about the safety of their data.

Furthermore, Eurofiber noted that it has reached out to the French privacy regulatory body CNIL, and there are investigations going on pertaining to the breach. The firm has said that it will continue to communicate with its clients so long as the incident persists. It also says that it will continue running its services amid the hack.

Eurofiber, a European tech giant founded in 2000, provides cloud connectivity and fiber-optic solutions to companies and institutions across Europe. Its operations began in the Netherlands, and later grew to France, Germany, and Belgium. This incident highlights the growing vulnerability of essential infrastructure providers, a trend recently seen in the breach at a key Swedish IT firm that exposed data for 1.5 million people, underscoring the wide-reaching impact when these foundational companies are compromised.