Main menu


Orange Business Services confirms a third-party data breach affecting employee data. Console and Associates, PC

featured image

On August 3, 2022, Orange Business Services (“OBS”) announced that after an unauthorized third party accessed confidential data of OBS employees contained in the network of its non-subsidiary affiliate, Orange Silicon Valley, We have confirmed that the company has experienced a data breach. According to OBS, the breach compromised the names, Social Security numbers, and dates of birth of certain employees and employees of affiliated companies. OBS recently sent a data breach letter to all affected parties informing them of the incident and what they can do to protect themselves from identity theft and other fraud.

If you receive a data breach notification, it’s essential to understand what’s at risk and what you can do about it. For more information on how to protect yourself from becoming a victim of fraud and identity theft and your legal options following the Orange Business Services data breach, see our recent article on this topic. here.

What we know about the Orange Business Services data breach

According to an official notice filed by the company, on March 17, 2022, Orange Silicon Valley (“OSV”), a non-subsidiary affiliate of Orange Business Services, discovered that an unauthorized person had accessed its OSV network. did. In response, OSV removed firewall devices designed to protect against intruders and began investigating the incident. The investigation was unable to determine what information the unauthorized party was able to access, but on May 20, 2022, OSV informed his OBS that the affected server had identified his OBS employee I informed you that it contains employee data. Additionally, on June 8, 2022, OBS was informed that the breach also affected his OBS-related employees whose personal information was stored on the compromised servers.

Upon discovering that sensitive consumer data was accessible to unauthorized third parties, Orange Business Services examined the affected files to identify the compromised information and affected consumers. Did. The information compromised varies from individual to individual, but may include names, dates of birth, and social security numbers.

On August 3, 2022, Orange Business Services sent a data breach notification to all individuals whose information was compromised as a result of recent data security incidents.

Headquartered in Ile-de-France, France, Orange Business Services is the business services division of Orange SA, a $48 billion French telecommunications company. OBS provides a wide range of business services for companies moving into the digital age, including cloud services, data security services, and VoIP services. The company also acts as a consultant for companies looking to achieve digital transformation. Orange Business Services employs over 28,500 people and has annual sales of approximately $6 billion.

Who Is Responsible After a Data Breach?

The Orange Business Services data breach is relatively recent news and additional information will be announced in the near future. However, at this time, it appears that the OBS breach involved unauthorized access to another company’s IT network, which included confidential information of his OBS employees as well as affiliated company employees. . In situations like this, determining which company is responsible for a data breach can be complicated, and consumers whose information has been compromised may not know where to look for answers.

As a general rule, any company that maintains, stores, transmits, or receives consumer data has legal obligations to the consumer, regardless of whether the compromised company received the information directly from the consumer. In fact, in most cases, it doesn’t matter how a company obtained consumer or employee data. Instead, the question is whether the company that hacked or otherwise leaked the information was at fault.

Turning to the Orange Business Services data breach, Orange Silicon Valley appears to be the most likely party to blame, based on the company’s data breach letter. However, it is too early to determine whether the violation was the result of the company’s negligence. A thorough investigation of the facts leading up to the violation should be made before making this decision.

In the context of a data breach lawsuit or data breach class action lawsuit, a company may be found to be financially liable for victim damages if the victim can prove the following factors:

  • The organization had a duty of care to the victim.

  • The organization violated its obligations to the victim.

  • The negligence of the organization caused or contributed to the victim’s harm (i.e. identity theft).When

  • As a result, the victim suffered financial or non-financial damage.

While this may sound simple, proving these factors can be difficult. Especially in cases like this where the compromised data was shared between companies. An experienced data breach attorney can help victims of a Proliant data breach evaluate their options and determine whether legal claims may be filed against either company.