Cyber Incident Victim: Département Hautes-Pyrénées

On November 7, 2024, the messaging system of the Département des Hautes-Pyrénées experienced a disruptive cyberattack that rendered it inoperable by Thursday morning. The department publicly acknowledged the outage on its website the following day, November 8, instructing users to prioritize telephone communication or an alternative online messaging platform until services could be restored. Director General of Services Pascal Saurel confirmed the incident stemmed from a targeted cyberattack, though the organization's security protocols enabled rapid detection and isolation of the compromise to the messaging infrastructure alone. No other departmental systems were reported as affected. The attack caused significant operational disruption, forcing staff and citizens to rely on secondary communication channels for essential interactions. Saurel emphasized there was no evidence of data exfiltration or compromise of sensitive information, noting the absence of ransom demands or threat actor communications.

Technical teams initiated immediate internal recovery efforts following the attack's containment, aiming to restore messaging functionality by early the following week. As a precautionary measure, the department engaged its contracted provider from the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI), scheduling their intervention for Tuesday, November 12. Saurel maintained throughout the incident that departmental control remained uninterrupted, characterizing the event as a contained technical failure rather than a systemic security breach. The disruption persisted for multiple days, with recovery timelines dependent on completion of internal diagnostics and ANSSI's subsequent forensic review. No additional collateral impacts on public services, financial systems, or data integrity were disclosed by departmental officials during the initial response phase.