Orange Romania, a subsidiary of the French telecommunications company Orange, has confirmed a data breach affecting hundreds of thousands of its customers. The breach, which was discovered after a hacker leaked company documents, involved the exposure of email addresses, phone numbers, subscription details, and partial credit card information. Approximately 17% of the affected email addresses were already compromised in previous breaches, according to data from Have I Been Pwned. The breach primarily targeted Orange Romania's YOXO platform, which offers digital subscriptions. The exposed data included personal information of YOXO customers such as names, usernames, phone numbers, and email addresses. Additionally, contact details of employees and representatives of corporate clients were compromised. Orange Romania has initiated notifications to affected customers and is taking measures to mitigate the impact of the incident. The breach involved 600,000 customer data records and 380,000 unique email addresses. The hacker, identified as Rey and associated with the HellCat ransomware gang, had access to Orange's systems for over a month before stealing the data. The breach was facilitated by exploiting the Atlassian Jira software, allowing the hacker to exfiltrate 6.5 GB of data. After an unsuccessful attempt to extort money from Orange, Rey published the stolen data on a criminal forum. Orange has stated that most of the compromised data is outdated and has launched an investigation into the breach.