Cyber Incident Victim: Commune de Neupré
Date: Jan 2023
Location: Belgium
Summary
The Commune de Neupré experienced a spear-phishing attack compromising two employee accounts, resulting in unauthorized access to personal data including address books and email contents. The attacker leveraged this access to conduct further phishing campaigns targeting additional recipients. Security systems detected the breach promptly, enabling rapid termination of the attacker's access. Post-incident analysis confirmed limited data exposure, and retroactive security measures are being implemented. The municipality considers the incident resolved but advised vigilance against suspicious communications due to potential residual risks from the compromised data.
Description
On or around January 1, 2023, the municipal administration of Neupré and its CPAS (Public Social Welfare Center) experienced a cyberattack executed via spear-phishing. Attackers successfully compromised the credentials of two employee accounts within the commune's systems. The commune's cybersecurity infrastructure detected the intrusion, triggering an immediate response to terminate the attacker's access. A subsequent forensic analysis confirmed the breach was limited to personal data contained within the compromised email accounts, specifically address books and email content. This access enabled the threat actor to leverage the stolen information to conduct additional phishing campaigns targeting external recipients identified through the compromised communications. The commune characterized the incident as resolved following access termination and initial containment measures, though reactive protocols to address the attack's aftermath remained under implementation at the time of reporting.

The confirmed impact included unauthorized access to personal data within the two breached email accounts, though no broader system compromise or theft of financial data, passwords, or credit card information was identified. The attacker exploited the stolen address books and email content to perpetuate further phishing attempts beyond the initial commune targets. Neupré officials publicly disclosed the incident, emphasizing transparency regarding the data exposure while assuring constituents that proactive security measures had contained the breach. The commune initiated standard post-incident procedures, including notifying affected parties and reinforcing public awareness regarding phishing risks. No operational disruptions or financial losses were reported, with response efforts focused on mitigating potential secondary attacks stemming from the stolen contact information and educating recipients on identifying suspicious communications.
