In October 2024, someone broke into the systems of French telecom operators Free and Free Mobile. The entry point was simple: the VPN was missing. multi-factor authentication. The attacker accessed personal data of 24 million subscribers, including IBAN numbers. The French data protection authority CNIL found three violations: insufficient security, shortcomings in notifications, and data of former customers stored for too long. The fine was 42 million euros.
What does this mean to you?
Enable multi-factor authentication on all entry points that provide access to personal data — email, cloud, VPN, HR system. It is the single measure that most often distinguishes a break-in from a disaster.
Inspired by: CNIL