Cyber Incident Victim: L'Immaculée-Conception
Date:
Jul 2022
Location:
France
Summary
A private Catholic school in Pau experienced a significant ransomware attack that encrypted administrative documents, accounting records, and schedules, causing severe operational disruption. The attackers demanded payment, but the institution refused to engage or pay the ransom, instead filing a police report. Recovery efforts involved reconstructing lost data through email backups and physical documents, with priority given to restoring payroll systems to ensure staff salaries. While no personal data was compromised, critical certification files for vocational training programs were permanently lost. The incident highlighted vulnerabilities in interconnected systems and underscored the necessity of regular data backups. Police continue investigating the attack, which incurred substantial recovery costs for the institution.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The cyberattack on Ensemble scolaire Immaculée Conception in Pau was detected on July 9, 2022, when the institution's IT manager, Noël Turpin, remotely connected to the school's systems and observed widespread malfunctions. Upon physically inspecting the facilities located near the Parc des Expositions, Turpin encountered on-screen messages confirming a ransomware attack that had encrypted administrative data. The compromise resulted in the complete loss of critical operational documents including accounting records, circulars, and pre-prepared academic schedules for the upcoming school year. Attackers left communication channels—likely email-based—to facilitate ransom negotiations, mirroring tactics previously used against Oloron-Sainte-Marie Hospital in 2021. School director Christian Espeso immediately ruled out payment or engagement with the threat actors, citing the absence of guarantees regarding data recovery, and filed a formal complaint with Pau police.
The incident paralyzed all three divisions of the 2,600-student institution: the primary/secondary school, vocational lycée, and apprenticeship training center (CFA). Staff faced significant operational disruptions, requiring manual reconstruction of lost documents using residual email records and physical archives, with priority given to restoring payroll systems to ensure timely salary payments. While no personal data breaches occurred, the CFA lost its Qualiopi certification dossier—a 1.5-year project essential for regulatory compliance—jeopardizing an upcoming inspection. Recovery efforts involved the full mobilization of the school's 360 employees, including 240 teachers, who manually recreated academic materials before the unaffected September start. Residual impacts persisted through the academic year, particularly for the CFA, with investigators regularly requesting evidence from the school. The attack followed smaller-scale incidents two years prior that had been mitigated through backups, though the exact infiltration vector for the 2022 breach remained undetermined despite existing remote access protocols. Financial repercussions were absorbed internally without tuition increases, while operational changes focused on enhancing system segmentation and backup frequency.