Cyber Incident Victim: IndiGo
Date: Apr 2025
Location: France
Summary
Indigo disclosed a cyber incident in which attackers gained unauthorized access to its information systems, potentially exposing users' email addresses, license plate numbers (when supplied), names, telephone numbers and postal addresses. The company confirmed that no banking data or passwords were compromised. It stated that, to date, there has been no evidence of fraudulent use of the exposed information, and that it has filed a complaint with authorities and engaged external experts to strengthen its security measures. It also warned recipients to remain vigilant against phishing attempts that could misuse the disclosed details.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Groupe INDIGO issued an alert on April 1, 2025, announcing that it had been the victim of a cyber incident affecting the group. The company stated that it had immediately taken appropriate measures and had engaged competent experts to assist in resolving the incident. It urged recipients to exercise vigilance when receiving messages such as emails or SMS that might appear to originate from INDIGO. The alert indicated that updated information would be made available on the designated page.

On April 19, 2025, La Voix du Nord reported that Indigo, the operator of paid parking facilities, had disclosed a cybersecurity incident through its website and an email sent Friday evening to its users. The intrusion allowed malicious actors to access the company’s information system, potentially leading to unauthorized access to certain personal data. The compromised data included email addresses, license plate numbers (if provided by the user), names, telephone numbers, and postal addresses. No banking data or passwords were stolen, and the Indigo Neo accounts remained protected. As of the report, no fraudulent use of the exposed data had been observed, and the company had filed a complaint while strengthening the security of its systems.
Indigo emphasized that it would never request banking data or passwords via mail, email, or telephone, warning users about the heightened risk of phishing attempts leveraging the exposed information. The article also noted that numerous cyberattacks had targeted French companies and public entities in recent months, citing examples such as Boulanger, Picard, Intersport, Free, Norauto, hospitals, retirement insurance agencies, and municipalities.
