Cybersecurity Incident at Eurofiber France: Key Details Unveiled
On November 13, 2025, Eurofiber France confirmed a cybersecurity incident following the detection of unauthorized activity. The breach exploited a software vulnerability, granting a malicious actor access to sensitive data from the company’s ticket management platform and the ATE customer portal.
Overview of the Incident: Impacted Systems
The incident specifically affected Eurofiber France’s central ticket management platform, which supports regional brands including Eurafibre, FullSave, Netiwan, and Avelia. Additionally, the ATE portal, part of the Eurofiber Cloud Infra France services, was also compromised. The company disclosed that the hacker took advantage of a weakness in the shared environment, leading to the unauthorized extraction of customer data.
Importantly, Eurofiber clarified that the breach was confined to customers in France who utilize the impacted platforms. Clients in other countries, such as Belgium, Germany, and the Netherlands, remained unaffected, as did those using the Eurofiber Cloud Infra service in the Netherlands. Furthermore, the repercussions for indirect sales and wholesale partners in France were minimal since the majority operate on distinct systems.
Swift Response and Containment Actions
Upon identifying the breach, Eurofiber France acted quickly to fortify security around the ticketing platform and the ATE portal. The vulnerability was patched immediately, and additional protective measures were implemented. The company’s internal teams, in collaboration with external cybersecurity professionals, are currently working to assist customers in evaluating and managing the potential impact of the incident.
Eurofiber reassured stakeholders that no sensitive financial data, including bank account details or critical regulated information stored in other systems, was compromised during the event. Notably, all services continued to operate normally, ensuring there was no disruption to customer connectivity or service availability. Affected customers were promptly notified about the breach, and Eurofiber committed to providing regular updates as the investigation progresses.
Regulatory Compliance and Investigation Progress
Following European regulatory guidelines, Eurofiber France has informed the CNIL (the French Data Protection Authority under GDPR) and reported the breach to ANSSI (the French National Cybersecurity Agency). Additionally, a police report has been filed regarding an extortion attempt linked to the incident.
Throughout this remediation process, the company has expressed its dedication to transparency, data protection, and the ongoing enhancement of its cybersecurity measures.
External Insights: Potential Data Exposure
According to research conducted by International Cyber Digest, a third-party cybersecurity group, the breach may have compromised information belonging to approximately 3,600 customers. Analysis indicated that the threat actor, known as “ByteToBreach,” gained full access to Eurofiber’s GLPI database, which included client data, support tickets, internal communications, passwords, and API keys.
Researchers noted that Eurofiber’s GLPI installation was possibly operating on versions vulnerable to exploitation, specifically between 10.0.7 and 10.0.14. The attacker claimed to have carried out a slow, time-based SQL injection attack, extracting nearly 10,000 password hashes over a 10-day period. Reports suggest that the assailant utilized administrator-level API keys to download internal documents and personally identifiable information (PII) of customers.
ByteToBreach also stated that it attempted to negotiate ransom demands with both GLPI’s developer, Teclib, and Eurofiber; however, these efforts received no response.
Eurofiber’s Infrastructure and Commitments Post-Incident
Eurofiber France operates an extensive fiber network of over 76,000 kilometers and maintains 11 data centers. The company serves between 9,000 and 12,000 business and government clients, including various prominent public institutions and private organizations within France.
The company has affirmed that all systems are now secured and that enhanced monitoring and preventive practices are firmly in place. Eurofiber’s teams continue to operate fully mobilized until the cybersecurity incident is entirely resolved.
