Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

France fines telcos €42M for issues leading to 2024 breach

CNIL fined Free and Free Mobile €42 million for GDPR breaches after a data attack exposed personal details of over 24 million customers, including financial data.

  • CNIL issued a €42 million fine to two French telecom companies for GDPR violations, splitting penalties as €27 million and €15 million based on Iliad's 2024 turnover and profit.
  • The breach began on September 28, 2024, and the attacker started exfiltrating records on October 6, 2024; companies were notified by a message from the attacker on October 21, 2024, and Free ousted the intruder the following day.
  • A post-mortem showed MOBO enabled access to 24,633,469 fixed and mobile contract records, including 19,460,891 Free Mobile contacts and 5,172,577 Free contracts.
  • CNIL highlighted weaknesses in VPN authentication and abnormal‑behaviour detection, finding three GDPR breaches: inadequate data security, poor communication to affected users, and non-compliant retention.
  • Iliad Group's Free Mobile, with around 15.5 million subscribers, and Free, with approximately 7.6 million, are separate businesses facing wide consumer impact and regulatory scrutiny.
Insights by Ground AI

22 Articles

BleepingComputerBleepingComputer
Center

France fines Free Mobile €42 million over 2024 data breach incident

The French data protection authority (CNIL) has imposed cumulative fines of €42 million on Free Mobile and its parent company, Free, for inadequate protection of customer data against cyber threats. [...]

Read Full Article
The RegisterThe Register
Center

France fines telcos €42M for issues leading to 2024 breach

: Three major GDPR violations, including a lack of basic security controls, lead to hefty dent in profits

Read Full Article
Le ParisienLe Parisien
Lean Right

"An Exemplary Decision": Why Cnil Hit Free so Hard After Its Data Leak

The EUR 42 million fine imposed by the Cnil (National Commission on Informatics and Freedoms), denounced by the Internet operator and provider, is also intended to encourage other companies to increase their security.

·Paris, France
Read Full Article
franceinfo.frfranceinfo.fr
Lean Left

The Cnil Fined Free €42 Million After a Massive Data Theft, the Operator Denounces a "Decision of Unprecedented Severity"

A 16-year-old minor, suspected of being the author of the piracy, had been charged in January 2025.

Read Full Article
Capital.frCapital.fr
Lean Right

Free (Iliad): Condemned by the Cnil, the Operator Deplores a "Decision of Unprecedented Severity"

Sentenced to €42 million in fines by Cnil for data theft, Free denounced this decision and announced its willingness to file an appeal with the Conseil d'Etat.

Read Full Article
lindependant.frlindependant.fr
Center

Theft of Customers' Personal Data: a Record €42 Million Fine for Free

This data theft involved 24 million contracts at Free mobile and Free in October 2024. The reason for this was a security flaw that allowed a computer hacker of only 16 years to enter the system...

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 38% of the sources lean Left, 37% of the sources are Center
38% Left

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

Clubic.com broke the news on Wednesday, January 14, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Hacking icon

Hacking

Theft icon

Theft

Cyberattacks icon

Cyberattacks

Technology icon

Technology

Cyber Security icon

Cyber Security

France icon

France

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal