• What happened?
[TCL Europe and/or TCT Mobile Europe SAS] wish to inform you, as a consumer of our products and services, that our subsidiary responsible for managing our after-sales telephone service was recently the target of a cyberattack affecting part of its servers and information systems.
On April 2025, our subsidiary - acting as our data processor - Global Customer Care Service S.R.L. ("GCCS") was affected by a ransomware attack targeting three of its servers. A ransomware is a type of malicious software. In this case, the attackers used the Lockbit 4.0 malware to encrypt part of the data stored by GCCS and demanded a ransom in exchange for decryption.
The attacked servers stored phone call recordings made with our customers as part of our product after-sales support. As a consequence of such ransomware, the encrypted data could not be recovered by GCCS or our technical experts.
TCT/TCL has identified that phone call recordings made between the following dates may have been affected by the cyberattack:
- [insert applicable dates based on the country where the message is published — this will primarily concern calls made between January 2020 and December 2023 ].
The personal data affected by this cyberattack includes the following: first name, last name, phone number, customer ID and the recording of phone conversation with our after-sales service.
No financial or banking data, nor any passwords to your customer accounts, were affected by this data breach.
Therefore, if you are a customer who communicated with our after-sales service by phone on the dates listed, your personal data contained in those recorded phone conversations may have been subject to a loss of confidentiality (as cyberattackers may have accessed it) and a loss of availability (as the data could not be restored).
• Which security measures have already been implemented?
[TCL Europe and/or TCT Mobile Europe SAS] would like to underline that in response to the breach, immediate containment measures have been made including the complete shutdown of VPN tunnels and the isolation of compromised servers and workstations, in order to prevent lateral movement and further propagation of the malware.
Complementary key security measures have also been implemented to contain the breach and prevent further cyberattacks of this kind:
• GCCS has carried out a complete reinstallation of the affected machines and servers;
• IT security measures have been reinforced, particularly regarding VPN access, which had been exploited by the cyberattackers;
• An upgrade of the firewall firmware has been made, in order to enhance its security.
The competent supervisory authorities have also been notified of this personal data breach, in accordance with applicable regulations.
In addition, criminal complaints have been filed.
As a result of this ransomware attack, our after-sales service may have been disrupted, and you may have experienced difficulties reaching us in April and May 2025. The service has now returned to normal.
• What to do?
TCL/TCT would like to inform you that some of your personal data may be misused by cyberattackers for fraudulent purposes, including phishing attempts.
In order to prevent such mises, we recommend that you remain vigilant when receiving emails, text messages, or voice calls - especially from individuals claiming to represent TCL’s after-sales service.
If you have any doubts, please contact our support team directly through an alternative channel: [insert email and/or phone number].
We also recommend that you never share your financial details, credit card information, or security codes when requested by someone claiming to be from our support team. Our after-sales service will never ask for such information.
• More information?
For more information about this data breach or about how your personal data is protected, you may contact our Data Protection Officer at the following address: privacy_dpo@tcl.com.
DISCOVER THE IDEAL TV FOR YOU
START THE EXPERIENCE
Copyright © 2025 TCL. All Rights Reserved
