Cyber Incident Victim: City of Lille
Date:
Feb 2023
Location:
France
Summary
A cyberattack targeted Lille's municipal government, disrupting public services by forcing a shutdown of IT systems to contain the intrusion. Critical impacts included temporary loss of phone access, manual processing of civil registry services, and inaccessibility of online family portals and library loan systems. Authorities activated a crisis unit, filed a police complaint with cybercrime investigators, and maintained most public facilities. While officials reported no initial data loss or degradation, cybersecurity experts noted such attacks often involve data exfiltration and ransom demands. The incident followed prior regional cyberattacks affecting other municipalities and businesses. Restoration of phone services was prioritized, with ongoing investigations into the attack's origin and full scope.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 28, 2023, the City of Lille’s municipal government experienced a cyberattack that disrupted public services following an intrusion detected at 11:40 PM the prior evening. The Agence nationale de la sécurité informatique (Ansi) alerted city officials to the breach, prompting immediate containment measures. Municipal IT staff disconnected affected systems and instructed employees and elected officials not to power on workstations to restrict malware propagation. By Wednesday morning, residual disruptions impaired standard operations across multiple departments. Telephone services became unavailable throughout the municipality, while civil registry functions reverted to manual paperwork processing. The "Espace Famille" citizen portal—used for administrative services like school enrollments and fee payments—remained inaccessible, though public libraries, cultural centers, and sports facilities maintained physical operations with limited digital functionality such as book loan systems suspended.
A municipal crisis unit coordinated response efforts, prioritizing service continuity and forensic analysis. The city filed a criminal complaint with Lille’s judicial police cybercrime brigade, initiating an investigation into the attack’s unknown origin. Technical evaluations were ongoing to assess intrusion severity, with preliminary statements from First Deputy Mayor Audrey Linkenheld indicating no confirmed data loss or corruption affecting civic databases containing employee records, resident civil status information, or financial systems. External cybersecurity experts consulted by media suggested potential ransomware involvement based on regional attack patterns, though officials withheld confirmation. Recovery timelines projected telephone service restoration by Thursday alongside continued diagnostics. Historical context noted similar incidents targeting Douai in 2021, Aulnoye-Aymeries, Calais, and local enterprises including Intersport Nord-Pas-de-Calais, Renault’s Douai plant, and ISP Nordnet, though no explicit attribution connected these events.