Cyber Incident Victim: Institut Commercial de Nancy
Date:
Jan 2024
Location:
France
Summary
ICN Business School experienced a cyberattack involving unauthorized system intrusion, with perpetrators threatening to publish the institution's data on the darknet unless a ransom was paid. The school promptly activated a crisis response team, notified national cybersecurity authorities, and collaborated with law enforcement while filing a formal complaint. Impacted systems contained personal information, though no malicious data misuse had been confirmed; protective measures included isolating connections to affiliated networks to prevent broader compromise. Affected staff, students, and families were notified of the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 24, 2024, ICN Business School in Nancy, France, filed a criminal complaint following a cyberattack first detected on the preceding Monday. The attackers breached the institution's systems and issued a ransom demand, threatening to publish the school's data on the darknet if payment was not made. The attack targeted machines containing personal data, though specific data categories or volumes were not disclosed. Upon discovery, ICN activated a crisis management unit and severed network connections with the University of Lorraine to prevent collateral damage to the partner institution. The school formally notified France's National Agency for the Security of Information Systems (ANSSI) and maintained ongoing coordination with law enforcement agencies throughout the response.
The compromised systems remained offline during forensic investigations, with no evidence of malicious data misuse reported as of the initial disclosure. Impacted parties—including staff, students, and their families—received direct notifications about the breach. While operational disruptions occurred due to system isolation, the institution did not specify the duration or academic consequences of these interruptions. The attackers' identity, intrusion methodology, and ransom amount remained unconfirmed in available reports. ICN's public communications emphasized procedural compliance with national cybersecurity protocols but did not disclose whether ransom negotiations occurred or whether data restoration from backups was necessary.