Cyber Incident Victim: Ambérieu-en-Bugey

On the morning of Tuesday, May 2, 2023, the official website of the commune of Ambérieu-en-Bugey, located in the Ain department of the Auvergne-Rhône-Alpes region, became inaccessible to the public. The website, ville-amberieuenbugey.fr, was rendered inoperable due to a cyberattack. The municipal government confirmed the incident was not a result of a compromise of their own internal communal IT system. Instead, the attack targeted their external hosting provider. The town's administration, led by Mayor Daniel Fabre, was formally notified of the situation on the evening of Tuesday, May 2. At that time, specific details regarding the nature of the attack, the identity of the threat actors, or the full scope of the intrusion were not publicly disclosed by the hosting provider. The municipality found itself in a position of limited information, awaiting further updates from its service provider on the progression of the incident and the timeline for restoration.

The primary and most immediate impact of this cyberattack was the complete denial of service for the town's main website. Residents and external parties were unable to access any information or digital services hosted on the primary domain. This disruption had a tangible effect on local administrative functions. Mayor Fabre explicitly highlighted the significant inconvenience caused by the outage, noting that many essential communal services had been completely digitized. He pointed to the process of submitting an urban planning dossier as a specific example of a critical service that was now inaccessible, potentially halting construction permits, renovation projects, and other civic planning activities that rely on the online portal.

In response to the outage, the municipality of Ambérieu-en-Bugey utilized its official Facebook page as an alternative channel for public communication. Through a post on the social media platform, the town informed its citizens of the cyberattack affecting the main website. This communication served to provide transparency about the incident and to manage public concern. Crucially, the Facebook post also contained a workaround for a key municipal service. It indicated that access to the "Portail Famille" remained functional. This portal, a dedicated platform for family-related services, was accessible via a separate subdomain, famille.ville-amberieuenbugey.fr. The continued operation of this subdomain suggested that the cyberattack's impact was contained to the primary hosting infrastructure and did not necessarily compromise all related web assets, allowing vital services like school registrations or activity payments to continue uninterrupted.

This incident in Ambérieu-en-Bugey occurred within a broader context of heightened cyber activity targeting public entities in the Ain department during the spring of 2023. Just a few days prior, on Saturday, April 29, the website of the town of Reyrieux, also located in Ain, had been the target of a similar cyberattack. Furthermore, in early April, a more extensive and severe cyberattack had impacted the Centre hospitalier de Bourg-en-Bresse. That attack had compromised the entire IT network of the Burgien hospital and extended to other medical establishments managed by the same direction of Fleyriat. This included hospitals in Hauteville, Pont-de-Vaux, and Meximieux, as well as nursing homes (EHPADs) in Montrevel-en-Bresse, Coligny, and Cerdon. The cluster of these incidents within a small geographic area and a short timeframe points to a potential trend of threat actors focusing on regional public sector targets, though no explicit connection between the attacks was stated by officials. The incident at Ambérieu-en-Bugey exemplifies the vulnerabilities faced by local governments that depend on third-party providers for critical IT infrastructure, demonstrating how an attack on a single service provider can disrupt the digital public services of an entire municipality. The response highlighted the importance of having established contingency communication plans, such as using social media, to maintain contact with citizens during a crisis. The full recovery timeline for the website and any potential data exfiltration related to the attack on the hosting provider were not detailed in the immediate aftermath of the event.