French telecommunications group Orange said Wednesday that a breach last month resulted in the theft of the personal information of 1.3 million of its customers, including phone numbers, dates of birth, and email addresses.
No payment information or credit card numbers were stolen in the breach, but the Paris-based company sent emails to affected customers warning that they may be targeted by phishing scams that attempt to extract more sensitive financial information, such as credit card numbers or passwords.
"The data recovered could be used to contact those concerned by email, SMS or by phone, particularly for phishing purposes," the group warned in a statement.
The breach, Orange's second in three months, comes at a time of heightened attention on companies' cybersecurity procedures. Companies have been busy reinforcing their defenses in the wake of a massive security breach at US retailer Target and the revelation that the Heartbleed bug left unencrypted information available for the taking from web servers.
The breach was detected April 18, but Orange said customer notification was delayed to allow for investigation and repair of the issue. Orange also reported in February that the personal information of about 800,000 of its customers was stolen in a similar attack in January.
Both hacks came not long after Orange CEO Stephane Richard signed a charter in which the company pledged to protect its customers' personal data and respect their privacy.
Like retailers, telecoms have also been targeted by hackers for the valuable personal information they hold. Vodafone Group's German unit revealed last September that the personal data of 2 million of its customers had been exposed in a hack.