Cyber Incident Victim: Agence pour l'enseignement français à l'étranger

On November 6, 2023, the Agence pour l'Enseignement Français à l'Etranger (AEFE) detected service unavailability affecting one of its applications, prompting an investigation by its service provider ELAP. ELAP identified a cyber intrusion on a server exclusively dedicated to AEFE operations, where ransomware had been deployed. Immediate containment measures were implemented to secure the platform. Following ELAP’s provision of security guarantees, AEFE authorized service restoration on November 15. ELAP continued supporting AEFE throughout the incident and collaborated with authorities by sharing available information. By November 19, ELAP and its partners confirmed AEFE was the sole affected client and verified that data exfiltration had occurred. The compromised dataset included personal information such as copies of identity documents and banking details.

AEFE formally reported the incident to France’s National Cybersecurity Agency (ANSSI), filed a legal complaint with judicial authorities, and notified the National Commission for Information Technology and Civil Liberties (CNIL). Ongoing forensic efforts focused on precisely cataloging exfiltrated personal data, which involved records from schools, AEFE central services, and detached personnel. Locally recruited staff and supplier data were also potentially exposed. AEFE disseminated precautionary measures to its network of institutions, advising vigilance against malicious activities, with instructions relayed to school staff. The agency emphasized the criminal nature of unauthorized data extraction, possession, or transmission under French law while acknowledging the time-intensive process of identifying all affected individuals. Public communications aimed to broadly inform communities and facilitate implementation of protective actions alongside localized advisories.