Cyber Incident Victim: La Banque Postale
Date:
Dec 2025
Location:
France
Summary
A suspected DDoS attack disrupted France's national postal and banking services, causing widespread outages of online platforms, mobile applications, and transactional systems during peak holiday operations. The incident blocked package tracking, delayed deliveries, and hindered online banking payments, though in-person transactions remained available and banking approvals were temporarily shifted to text messaging. Customer data was reportedly unaffected. The attack occurred amid heightened cybersecurity concerns following recent incidents targeting French government entities, though no direct link was established. Authorities investigated the disruption while service restoration efforts continued, with no immediate claim of responsibility confirmed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 23, 2025, France’s national postal service La Poste and its banking subsidiary La Banque Postale experienced a major cyber incident that disrupted critical services during the peak holiday season. The attack began on Monday morning, with La Poste publicly acknowledging a “major network incident” affecting all information systems. Initial reports identified the cause as a distributed denial-of-service (DDoS) attack that overwhelmed online infrastructure. This rendered La Poste’s website (laposte.fr), mobile applications, and digital mail services inaccessible. La Banque Postale confirmed simultaneous disruptions to its online banking platform and mobile app, preventing customers from approving payments or accessing accounts electronically. Physical postal operations faced severe delays, particularly for package deliveries requiring tracking or system-based logistics, though basic letter mailing remained functional. The timing exacerbated operational strain, as La Poste had anticipated handling approximately 180 million parcels during the November-December peak period. Employees at post offices across France, including in Paris, reported chaotic scenes with frustrated customers unable to track shipments or complete digital transactions.
La Poste and La Banque Postale activated emergency response protocols, issuing public statements via social media and redirecting customers to in-person services for essential banking and postal transactions. La Banque Postale implemented a temporary workaround using SMS text messages for payment approvals to mitigate banking disruptions. Technical teams worked for over eight hours to restore systems, though services remained partially offline by Monday evening. Paris prosecutors opened an investigation into the attack, though no official attribution was provided despite unverified claims by a Russian hacktivist group. The incident occurred amid heightened cybersecurity tensions in France, following a December 17 breach of the Interior Ministry’s email systems that exposed criminal records and led to one arrest, and a separate probe into remote-control malware found on a passenger ferry. Authorities did not confirm any link between these events. La Poste emphasized no customer data was compromised, but the attack caused significant financial and reputational damage due to halted e-commerce payments and delayed parcel deliveries during a critical revenue period.