Cyber Incident Victim: La Poste
Date: Dec 2020
Location: France
Summary
A cyberattack compromised a French postal service provider, resulting in the theft of data from over 150,000 user accounts. The breach exposed hashed passwords (non-exploitable in raw form), full names, phone numbers, physical addresses, order histories, email addresses, and partial credit card details. The attacker advertised the dataset alongside other corporate breaches, emphasizing its potential for facilitating phishing campaigns, ransomware distribution, and fraudulent phone-based scams. Analysis revealed tens of thousands of affected email accounts across major providers. The incident posed significant risks for secondary exploitation through targeted malicious communications leveraging the stolen personal information.
Description
The incident involving Service Postal, a company specializing in postal services for businesses, occurred around late December 2020 when an attacker infiltrated their systems. The breach was publicly disclosed by the hacker in February 2021 through an advertisement offering stolen data for sale. Over 151,000 user accounts were compromised in the attack, with the dataset containing personally identifiable information including full names, physical addresses, telephone numbers, and email addresses. Partial credit card details and order histories were also exfiltrated, alongside hashed passwords that were not immediately usable in their hashed form. The attacker specifically highlighted the inclusion of IP addresses among the stolen records. Analysis of the email domains revealed significant concentrations of affected users, with 73,000 Gmail accounts, 39,000 Orange.fr accounts, and 10,000 Free.fr accounts compromised.

The stolen data presented multiple risks for secondary exploitation, particularly through phishing campaigns and fraudulent telephone communications given the volume of contact details exposed. While the hashed passwords required additional effort to crack, their presence alongside other personal information increased potential account takeover risks if cracked. The attacker marketed the dataset as part of a larger collection of corporate breaches, though no specific details about other compromised organizations were provided in relation to this incident. The breach timeline indicates the intrusion occurred approximately two months before public disclosure, with no available information regarding detection methods or containment actions taken by Service Postal. The exposure of partial payment card information created potential financial fraud risks for affected individuals, though the exact scope of credit card data exposure was not quantified in available reports.
