In the wake of a significant data breach that exposed sensitive details of over 850,000 customers, Orange Belgium is rolling out an additional layer of security to combat SIM-swapping fraud — a cybercrime that continues to grow in both scale and sophistication.

The move follows intense scrutiny from Belgian regulators and growing concerns among cybersecurity experts over the ease with which criminals can hijack phone numbers and, by extension, access users’ banking, messaging, and authentication services.

From Breach to Action

Back in July 2025, Orange Belgium revealed that attackers had accessed one of its IT systems. The exposed data didn’t include banking details or passwords, but it did include highly sensitive mobile service information: phone numbers, SIM card numbers, tariff plans, and crucially, PUK codes.

While that might sound technical, these details are gold for SIM-swap scammers. Armed with them, a bad actor could trick a telecom operator into transferring a victim’s number to a new SIM, effectively taking control of the user’s identity — including two-factor authentication codes sent via SMS.

The New SMS-Based Verification System

In response, Orange Belgium has introduced a verification step via SMS for any attempt to port a number to a new SIM or provider.

Here’s how it works:

• If someone tries to transfer a phone number, Orange will send an SMS to that number.
• The legitimate user will then have eight hours to reply with the word “STOP” if they did not initiate the request.
• If no response is received, the transfer proceeds.

To add clarity and prevent confusion, private customers will receive the message from the number 5000, while business users will see 5995 as the sender.

The system doesn’t block all fraud, but it creates a crucial window where users can intercept suspicious activity — something previously missing from Belgium’s number-porting process.

Regulatory Backing and Industry Implications

The measure was approved and fast-tracked by BIPT, Belgium’s telecom regulator, which has been pushing for stronger protections around SIM swaps. The institute has also confirmed it will monitor the rollout closely, and has encouraged other operators to consider similar safeguards.

This move aligns Belgium with broader trends in telecom security. In countries like the U.S., carriers such as AT&T and T-Mobile have already introduced optional “port locks” and PIN requirements to prevent unauthorized transfers.

In comparison, Belgium had relatively few barriers in place — until now.

Growing Threat, Global Response

SIM-swapping isn’t new, but it’s becoming more dangerous. Criminals often combine breached data with social engineering or phishing tactics to bypass security checks. Once in control of a phone number, they can:

• Reset email and bank account passwords
• Bypass two-factor authentication
• Impersonate victims to friends, family, or institutions

A simple SMS verification won’t stop all of that — but it might buy users just enough time to stop an attack before it starts.

A Wake-Up Call for Telcos and Consumers

Orange Belgium’s quick response to the breach is a sign that telecom operators are beginning to treat SIM fraud as a systemic issue rather than isolated incidents.

It’s also a wake-up call for users: protecting your mobile number is now just as important as protecting your bank account. That means:

• Avoiding the use of SMS-based two-factor authentication when possible
• Being cautious about what personal info you share online
• Watching closely for any unusual texts or porting notifications

The stakes are higher than ever—and now, at least in Belgium, the defenses are a little stronger.