Eurofiber said cybercriminals stole company data during an attack on November 13 that affected only its French operations, including the cloud division and regional brands Eurafibre, FullSave, Netiwan and Avelia.
The company reported that attackers exploited a vulnerability in its ticket management platform and accessed the data stored there. Eurofiber said the compromised information did not include banking details or other critical data and that the vulnerability has been patched; the firm published a disclosure outlining the incident.
Eurofiber did not specify the scale of the attack or how many individuals were affected in France, and said personnel located in Belgium, Germany and the Netherlands were not impacted. It described the overall business impact as “limited,” while acknowledging that some systems used by indirect sales and wholesale partners experienced operational effects; customer-facing services remained fully operational, it added.
The company said it placed the ticketing platform and the ATE portal under enhanced security in the hours after detection, implemented additional measures to prevent further breaches and is working with cybersecurity experts to support clients. Eurofiber also notified affected customers and reported what it described as an extortion-related attack to French cybersecurity agencies CNIL and ANSSI, which suggested the attackers might be holding stolen data to ransom; the company did not say whether a ransom was paid.
Eurofiber is a B2B wholesale digital infrastructure provider rather than a consumer-focused operator and is smaller than major French telcos. In its most recent annual results it reported €308 million in revenue; by contrast, Orange posted €9.9 billion in Q3 2025.
The incident follows a series of recent cyberattacks on B2B telecoms firms, including outages at ICUK and a longer remediation at Colt. While the Warlock ransomware group claimed the Colt attack, Colt has not said ransomware was involved and recovery work from its earlier intrusion is ongoing.