Cyber Incident Victim: Le Parvis Scène Nationale Tarbes-Pyrénées

On June 28, 2024, Le Parvis Scène Nationale Tarbes-Pyrénées in Ibos was notified by its online ticketing service provider of a cybersecurity incident involving unauthorized access to a production server. Attackers stole login credentials, compromising the confidentiality of personal data stored on the affected server. The breach resulted in potential exposure of customer names, first names, email addresses, telephone numbers, and postal addresses. Financial information was not impacted. The incident was declared closed by the time of disclosure, though the exact timeframe of initial intrusion and containment was not specified. Le Parvis confirmed the attackers exploited stolen credentials to access the server but did not detail the initial attack vector or duration of unauthorized access.

Le Parvis initiated password resets for all online ticketing accounts, invalidating existing credentials to prevent further misuse by attackers. The organization formally notified France’s data protection authority (CNIL) of the breach in compliance with regulatory requirements. Compromised personal data was assessed to pose risks of phishing and credential-stuffing attacks due to the exposure of authentication details and contact information. Le Parvis publicly advised affected individuals to monitor for suspicious communications but refrained from prescribing specific technical mitigations beyond referencing CNIL resources. The organization established a dedicated contact channel ([email protected], phone, and in-person support) for incident-related inquiries while emphasizing ongoing coordination with the vendor on technical and legal response measures. No operational disruptions to venue activities or additional system compromises beyond the ticketing server were reported.