Cyber Incident Victim: Porte-de-Savoie
Date:
Mar 2023
Location:
France
Summary
A cyberattack targeted the IT network of a municipal administration in France, compromising personal data from services such as after-school programs and potable water management. Despite rapid containment efforts, attackers extracted and publicly leaked portions of the victim's data. The incident disrupted municipal operations for weeks, delaying water billing cycles and restricting access to critical software systems. Recovery relied on recent server backups, with full restoration anticipated within several weeks. Authorities filed a police report and notified the national data protection agency. The breach exposed individuals to potential fraud risks, though specific exfiltrated data types remained undetermined at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 6, 2023, the municipal administration of Porte-de-Savoie in Auvergne-Rhône-Alpes, France, experienced a cyberattack targeting its computer network despite existing internal security measures. The attack compromised municipal servers, resulting in the unauthorized extraction and subsequent online publication of a portion of the commune's data. Technical teams responded rapidly to contain the breach, though officials confirmed that personal information legally held by the municipality had been exfiltrated. This data related to routine administrative services, including records from after-school programs and drinking water management systems. At the time of the April 3 update, authorities remained unable to identify precisely which datasets or individuals were affected by the theft. The incident triggered immediate legal obligations, with the municipality filing a formal complaint with the National Gendarmerie and notifying France's data protection authority, the CNIL (Commission Nationale de l’Informatique et des Libertés), as required under data breach regulations.
Operational recovery efforts relied on recent server backups maintained by the municipality, which enabled full data restoration despite the attack’s severity. System restoration reportedly spanned several weeks, with completion anticipated by April 11, 2023. During this period, municipal software systems remained inaccessible, forcing the postponement of routine administrative processes including drinking water billing typically issued in March. Persistent service disruptions lasted through early April, as confirmed in the commune’s April 4 update. Officials publicly acknowledged the attack’s consequences, including elevated risks of fraudulent communications targeting residents and potential identity theft attempts stemming from the stolen data. The municipality directed citizens to monitor financial accounts and provided standardized language for bank notifications related to potential payment credential exposure. While confirming functional restoration of critical services by mid-April, the administration issued formal apologies for operational inconveniences caused by the extended recovery timeline.