Cyber Incident Victim: Voyageurs du Monde
Date:
May 2023
Location:
France
Summary
Voyageurs du Monde was impacted by a cyberattack which prompted the company to cut its internet access to contain the incident. Operations such as telephony, email, and customer websites remained functional, allowing it to monitor current trips and new requests. While there was no evidence of customer data theft, the company notified the relevant data protection authority as a precaution, noting that no payment information was stored on its compromised systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the night of May 15 to May 16, 2023, the travel company Voyageurs du Monde suffered a cyberattack. The company announced the incident on May 16th, confirming the attack had occurred and that their internal teams were actively analyzing the situation. The immediate response action taken by the company was to deliberately cut off its internet access. This action was a containment measure, intended to isolate the internal systems and prevent any potential spread or further unauthorized access from the attackers. The company stated that the attack itself was contained as a result of this action.
From an operational perspective, the impact of the attack and the subsequent containment measures was mixed. Certain critical customer-facing systems remained functional despite the incident. The company's telephony systems and email services continued to operate normally. Furthermore, the customer websites maintained by Voyageurs du Monde were also functional and accessible. This operational continuity allowed the company to continue monitoring the departures of customers who were currently traveling. It also enabled the processing of new requests and inquiries for future trips, ensuring that the core business of selling and managing travel could continue, albeit potentially with some internal disruptions due to the loss of internet connectivity.
A primary concern following any cyberattack is the potential theft of sensitive data. Voyageurs du Monde addressed this concern directly in its announcement. The company stated that, to date, there was no evidence to indicate that customer data had been stolen during the incident. The company provided additional context regarding its data storage practices, specifying that it did not store any customer payment data on its systems. This practice would inherently limit the financial risk to its customers in the event of a data breach. As a precautionary measure, and in compliance with regulatory obligations, Voyageurs du Monde formally notified the Commission Nationale de l'Informatique et des Libertés (CNIL) of the incident. The CNIL is the French data protection authority responsible for enforcing personal data privacy regulations.
The company's recovery plan involved a gradual resumption of full activity, which was planned to begin at the start of the following week after the attack. A key component of this recovery strategy was the use of its back-up systems. The reference to using backups indicates the attack may have affected the integrity or availability of some primary systems, necessitating a restoration from known good copies of data. The internet cut-off was maintained to allow the internal teams, likely alongside external cybersecurity experts, to work on analyzing the full scope of the attack and to prepare the systems for a safe return to normal operations. The containment and planned recovery actions suggest a focus on ensuring business continuity while thoroughly investigating the breach. The announcement did not specify the exact nature of the cyberattack, such as whether it was ransomware, data extortion, or another form of intrusion. The company's communication emphasized that the situation was under control and that measures were in place to restore full functionality safely.