In early 2025, the HellCat-affiliated threat actor ‘Rey’ exfiltrated 6.5 GB of data (12,000 files) from Orange Romania’s back-office systems, resulting in exposure of over 600,000 records including approximately 380,000 unique email addresses, source code, invoices, contracts, customer data, and partial payment card details. Rey claimed the breach stemmed from compromised credentials and Jira vulnerabilities and maintained access for over a month. After Orange declined ransom negotiations, Rey leaked the data on BreachForums. Orange characterized the breach as affecting a non-critical system with no impact on customer operations. Have I Been Pwned indexed the breach.