Cyber Incident Victim: Collectivité européenne d’Alsace
Date:
Sep 2022
Location:
France
Summary
The Collectivité européenne d’Alsace experienced a cyberattack disrupting multiple critical services, including human resources and disability support departments handling sensitive personal and financial data. While management asserted no data breaches occurred and claimed timely containment, employee unions expressed skepticism due to the compromised systems' access to confidential information. Operational impacts included prolonged website inaccessibility from abroad and suspended remote work capabilities for staff. A formal complaint was filed, with authorities identifying a suspect address during the ongoing cybercrime investigation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 28, 2022, the Collectivité européenne d’Alsace (CeA) experienced a cyberattack that disrupted multiple critical services. The attack occurred in the evening, though specific technical details about its origin or method were not publicly disclosed. Employees were notified of the incident via email on October 3, five days after the attack, indicating a delayed internal communication process. Strategic departments including the Human Resources Directorate and the Departmental Center for Disabled Persons were compromised, raising concerns due to their handling of sensitive personal data such as social security numbers and bank account information. Management asserted the situation was contained swiftly, denying any data exfiltration occurred.
The attack caused sustained operational disruptions, rendering CeA’s website inaccessible from outside France and preventing employees from teleworking. Full restoration of services was projected to require several additional days beyond the initial disclosure date. Unions, particularly FO delegate Christophe Odermatt, expressed skepticism about management’s assurances, citing the targeting of high-sensitivity departments and the absence of conclusive evidence disproving data leakage. CeA filed a formal legal complaint following the incident, triggering an investigation by specialized cybercrime authorities who reportedly identified the attacker’s IP address. No threat actor group, ransom demands, or data disclosure claims were referenced in available reporting.