Cyber Incident Victim: CERP Bretagne Atlantique

On October 19, 2024, the pharmaceutical logistics cooperative CERP Bretagne Atlantique suffered a cyberattack disrupting its operations. The Saint-Brieuc-based company, which supplies approximately 1,800 pharmacies across Brittany, Centre-Val-de-Loire, Pays-de-la-Loire, and Nouvelle-Aquitaine, experienced immediate impacts to its online order reception system. Pharmacies reported failed deliveries scheduled for the morning and afternoon of October 19, forcing them to rely on existing stock while awaiting resolution. The cooperative, employing 650 staff across 81 facilities that distribute over 8 million pharmaceutical products monthly, suspended normal distribution activities during the incident. By October 20, the Agence Régionale de Santé Bretagne confirmed the compromise specifically affected information systems handling pharmacy orders in the four western French regions.

CERP's technical teams restored online ordering functionality by the evening of October 20 with support from Orange Cyber Défense and specialized cybersecurity firms. The organization maintained communication with client pharmacies regarding delivery rescheduling, anticipating a rapid return to normal operations. No data theft or secondary impacts beyond order processing disruptions were disclosed in available reports. CERP filed a formal complaint with the Paris prosecutor's office, which holds jurisdiction over cybercrime investigations. The incident caused temporary logistical interruptions but did not compromise pharmaceutical product integrity or create reported medication shortages among affected pharmacies.