Home | The Free Database Leak: IBANS, PII…What to Expect?

The Free Database Leak: IBANS, PII…What to Expect?

Orlaith Traynor

3 min readOctober 31, 2024

It has been a busy month in all locations for cyber attacks. In France, customers are reeling over a significant data breach that targeted French internet service provider Free. The group is France’s second largest ISP.

So, what exactly happened? On October 21, 2024, a cybercriminal known as “drussellx” put two extensive databases up for sale, exposing the sensitive information of millions of Free customers.

In this quick guide, find out the full scope of this incident and the risks and implications if you’ve been targeted. We’ll also share, and how to remediate from this cyberattack.

What exactly is the scope of the Free data breach leak?

The breach involves two separate databases, both weighty in terms of the impact to customers.

  1. An enormous collection of 19,192,948 customer accounts
  2. A smaller but equally concerning database containing 5.11 million IBAN (International Bank Account Number) details

The leaked information includes highly sensitive personal data such as:

  • Full names
  • Phone numbers
  • Complete postal addresses
  • Dates of birth
  • Email addresses

Let’s take a closer look at this cyber attack.

A timeline of the Free breach, leak and database sale

The data breach occurred on October 17, 2024. Reports have noted the cybercriminal’s profile was created just four days later, on October 21, when the databases were put up for sale.

An overview of the breach carried out by “drussellx.”

In a bold move, the threat actor “drussellx” released 100,000 IBANs for free, seemingly in retaliation to Free’s downplaying of the leak’s severity. This action set this hack into more risky territory for affected customers.

The sale of the database concluded on October 29, with the final bid reaching a staggering €175,000, up from an initial asking price of €10,000.

More details of the Free data leak breach that occured on October 17th.

What are the risks you can expect as an affected Free customer?

Millions of customers are worried since the news broke, but what exactly do you need to be concerned about in the coming months.

  1. Phishing attacks: A hacker attempts to trick you into revealing sensitive information or installing malware by masquerading as a legitimate company. Read our guide to stay protected from phishing, smishing, and vishing in the aftermath of this attack.
  2. Identity theft: Identity theft is a major concern and one of the primary reasons cyber criminals seek to obtain personally identifiable information (PII). Criminals can impersonate you and exploit your assets after this attack.
  3. Fraudulent use of IBANs: The exposed bank account numbers mean that you might see an uptick in fraudulent purchases or attempts

Five ways Free customers can take action

If you are a Free customer, it is advisable to take stock of your account security. You should also keep a close eye on your banking transactions.

Free have told French newspaper Le Monde that from their view things look different. “No passwords,” “no bank cards,” “no content of communications (emails, SMS, voice messages…)” are affected by this attack” they said.

However, considering the huge scale of affected customers, it is best to err on the side of caution.

Here are some quick wins to remediate quickly:

  1. Change your passwords immediately. We recommend implementing a password manager or digital safe for good cyber hygiene.
  2. Review if you have activated multi-factor authentication (MFA) or two-factor authentication (2FA). Check devices, apps and accounts that linked to your Free account. That includes your banking app.s
  3. Keep all systems and devices updated regularly– don’t skip software updates.
  4. Be cautious when it comes to phishing emails and communications via text. If in doubt, delete the content immediately.
  5. Monitor your bank account transactions regularly and let you bank know to keep an eye on strange activity.

How does CybelAngel’s REACT team analyze and respond to cyber threats?
Are you a cybersecurity professional worried about the rise in Telecom ransoming? Get in touch with us to see how our expert analysts can rapidly investigate data leaks.

Wrapping up

The Telecom industry is a hot target for cyber attacks at present, and with that, cyber leaders need to be primed to investigate and remediate incidents. Check more of our blog content covering the recent Anonymous Sudan. In ‘Anonymous Sudan’s Post Arrest Cyber Chaos [A Threat Note Guide], we highlighted how U.S. telecom giants were taken down by this pro-Russian threat actor.

Follow fresh content drops weekly, via our cyber socials: LinkedIn, Twitter/X, and Facebook.