Cyber Incident Victim: Commune de Peisey-Nancroix

On March 18, 2023, the municipal network of Peisey-Nancroix suffered a cyberattack that encrypted all computer data despite existing protective measures. Municipal technicians responded rapidly to contain the incident but confirmed the compromise of all systems, including those managing essential services such as drinking water distribution and school operations. The attack potentially exposed personal data legally held by the municipality, though officials could not determine whether any information was extracted or disseminated. Authorities immediately filed a police report and notified relevant regulatory bodies, including the National Commission for Information Technology and Liberties (CNIL). The encryption of systems forced municipal services into a severely degraded operational state, with staff unable to access critical computer data for routine administrative functions. Only the town hall telephone switchboard remained fully operational during the disruption.

The attack exposed residents to risks including fraudulent emails, SMS phishing attempts, identity theft, and potential misuse of bank details held by municipal services. Officials advised heightened vigilance against suspicious communications and recommended monitoring financial accounts for unauthorized activity. Residents were instructed to change passwords if they reused credentials across municipal and personal accounts, referencing CNIL guidelines for secure password creation. The municipality provided resources to help identify phishing attempts and a template for notifying banks about compromised payment details. Service disruptions persisted post-incident, with no estimated timeline for full restoration of computer systems. The town hall acknowledged the operational inconveniences and apologized to residents while maintaining in-person availability during regular business hours. Restoration efforts remained ongoing as of the March 24, 2023, public disclosure.