Date of incident: November 13, 2025
Affected entity: Eurofiber France (ticket-management platform and ATE customer portal)
Summary:
Eurofiber France disclosed a cyber incident in which attackers exploited a software vulnerability in its ticket-management platform and the ATE customer portal belonging to its cloud division. The affected systems are used by several Eurofiber-associated regional brands, including Avelia, Eurafibre, FullSave, and Netiwan. The threat actor claims to have exfiltrated sensitive operational data, internal communications, configuration files, and authentication materials. This breach appears confined to the company’s French operations, with no reported impact on Eurofiber units in Belgium, Germany, or the Netherlands.
What Happened
Eurofiber France confirmed that attackers exploited a vulnerability in its internal ticket-management platform and in the ATE customer portal. The compromised environments contained support tickets, internal documentation, and configuration files associated with service-delivery operations.
The threat actor claims to have stolen a broad dataset, including internal messages, VPN credentials, source code, API keys, backups, and service configuration details. External researchers indicate that the accessible data suggests deep system visibility and potential administrative access.
Impact
- Support tickets, operational documentation, and configuration files were exposed.
- Stolen data allegedly includes VPN credentials, authentication keys, API secrets, and internal technical material.
- External analysts estimate that at least 10,000 customer records may be affected, though the full scope remains under investigation.
- The nature of the affected platforms (ticketing and IT-service management systems) introduces supply-chain risk for downstream organizations served by Eurofiber’s French subsidiaries.
- No known impact to Eurofiber operations outside France.
Cause of the Breach
The breach stemmed from a software vulnerability in systems supporting Eurofiber France’s ticketing and customer-service portals. The exploited platform contained sensitive operational information traditionally associated with IT service management workflows, which magnified the potential downstream risk once compromised. The vulnerability enabled unauthorized access and subsequent data exfiltration.
Response
Eurofiber France immediately secured the affected systems, applied patches, and activated incident-response procedures.
The company notified CNIL (France’s data-protection authority), ANSSI (France’s national cybersecurity authority), and filed a formal extortion complaint with law enforcement.
Eurofiber stated that banking details and other high-sensitivity information stored elsewhere were not affected and that service availability remained intact throughout the event.
Significance
This breach demonstrates how ticket-management and ITSM platforms—often overlooked compared to core production systems—can serve as high-value targets for attackers. These platforms frequently contain configuration files, workflow histories, credentials, and internal messaging that can act as stepping stones for lateral movement or downstream compromise.
The incident also underscores the security challenges faced by infrastructure-specialist providers: even if the breach is limited to auxiliary systems, the operational intelligence and configuration data exposed can pose serious risks to customers and interconnected service ecosystems.
Sources
SecurityWeek — Data stolen in Eurofiber France hack
https://www.securityweek.com/data-stolen-in-eurofiber-france-hack/
Security Affairs — Eurofiber confirms hack, data theft, and extortion attempt
https://securityaffairs.com/184822/data-breach/eurofiber-confirms-november-13-hack-data-theft-and-extortion-attempt.html
BleepingComputer — Eurofiber France warns of breach after hacker tries to sell customer data
https://www.bleepingcomputer.com/news/security/eurofiber-france-warns-of-breach-after-hacker-tries-to-sell-customer-data/
SOCRadar — Eurofiber breach: Critical infrastructure data exposed
https://socradar.io/eurofiber-breach-critical-infrastructure-data-europe/
GBHackers — Eurofiber confirms data breach impacting ticket systems
https://gbhackers.com/eurofiber-data-breach/
Have I Been Pwned — Eurofiber breach entry
https://haveibeenpwned.com/Breach/Eurofiber