Free SAS

Free SAS, operating under the brand name Free, is a telecommunications operator with its headquarters located in France.
The company provides mobile telephony services through its Free Mobile division, offering voice calls and mobile data plans to individual consumers.
In addition to mobile offerings, Free supplies fixed-line broadband internet access and television packages to households across the country.
Its service portfolio is designed to deliver integrated connectivity solutions that cater to the communication and entertainment needs of residential users.
The organization focuses on delivering these services within the French market, where it competes alongside other national operators.

On 1 January 2024, Free Mobile detected a cyberattack that involved unauthorized intrusion into a management tool used to handle subscriber personal data.
The intrusion resulted in the exposure of certain personal information belonging to a subset of the operator’s customers.
Importantly, the compromised data did not include passwords, payment card details, or the content of any voice or text communications.
The security incident did not disrupt the operation of Free Mobile’s network services or affect the availability of its broadband and television offerings.
In response, Free filed a formal legal complaint with the relevant judicial authorities to pursue accountability for the breach.
The company also fulfilled its regulatory obligations by notifying the appropriate data protection agencies about the incident.
Affected subscribers were contacted by email, receiving details about the specific personal data that had been accessed and guidance on protective measures.
To remediate the vulnerability, Free deployed security enhancements to the management tool, including stronger access controls and monitoring capabilities.
These actions were undertaken to contain the breach, prevent further unauthorized access, and improve the overall resilience of its data protection framework.