Cyber Incident Victim: AKTO
Date:
Mar 2025
Location:
France
Summary
AKTO experienced a cyberattack that encrypted data to block access to certain tools and exfiltrated technical and personal information, while no funds were stolen and linked partners faced no risk of malware infection. The organization filed a complaint, prompting investigations by the Office Anti‑cybercriminality of the DNPJ with ANSSI providing support, and notified the CNIL under GDPR obligations as the extracted data remains partially unidentified. Digital deposit and training dossier instruction services were suspended, the Mon Espace portal was affected, and integrity testing continues as efforts proceed to restore the platform. Stakeholders including companies, trainees, providers, CFA and training organizations are being informed, with direct communication promised once the data nature is clarified and regular updates posted on the institutional site.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Sunday,AKTO experienced an intrusion of its information system that took the form of a cyberattack designed to block access to certain tools by encrypting data and to extract technical and personal data. The attack did not result in the theft of any financial resources. From a technical standpoint, the actors who are electronically linked to AKTO were not exposed to any risk of infection by a possible virus.
In response to the fraudulent act, AKTO filed a complaint and judicial investigations are being conducted by the Office Anti‑cybercriminality of the Direction nationale de la police judiciaire. The Agence nationale de la sécurité des systèmes d’information has been informed and is providing support in the investigation. Under the obligations of the General Data Protection Regulation, the Commission nationale de l’informatique et des libertés has been notified to assess the situation and the relevance of the information actions undertaken.
As a precaution, the digital deposit and instruction functions for training files have been suspended to secure the conditions for a eventual resumption of services. The online services portal known as « Mon Espace » has been affected by the intrusion, although it was not the origin of the attack. AKTO is actively working to restore the portal while integrity tests continue on each component of its tools and applications. The suspension remains in effect while the integrity tests are ongoing.
The data that were extracted by the attackers are described as partial, and investigations are ongoing to determine their exact nature. Once the precise nature of the compromised information is established, AKTO commits to informing directly the affected parties, which include companies, trainees benefiting from funded training, and all providers, CFA and training organizations. AKTO also pledges to provide regular updates on the incident through its institutional website AKTO.fr. The company states that it will continue to inform its stakeholders as soon as accurate details about the leaked data become available.