The stolen data includes the customers' name, postal address, email address, phone number, and additional information about the composition of the household, the number of subscriptions household members have with Orange or competitors, and the customers' preference of how to be contacted.
The intrusion was terminated immediately after being detected, and the compromised web page - "My Account" in the client area of the Orange.fr website - taken offline for a while.
The company says that passwords haven't been compromised, but warns users that the information that was stolen is very useful for mounting phishing attacks. They explained why a phishing attack is, and urged affected customers to be on the lookout for them coming via email, SMS or telephone.
PC INpact (via Google Translate) reported that all French customers and not just the ones affected by the breach have already received a phishing warning around January 23, but that one didn't mention the intrusion.
The authorities have been notified of the breach and are investigating it, but no more details about how it was executed were shared.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.