Cyber Incident Victim: Groupe Amaury

In late February 2022, Groupe Amaury—owner of the sports newspaper L'Équipe and organizer of the Tour de France and Dakar Rally through Amaury Sport Organisation—experienced a multi-week cyber intrusion affecting its internal servers. Attackers infiltrated the systems and subsequently demanded a ransom to restore employee access to critical IT tools. The company responded by severing connections between internal servers and external networks, including suspending all VPN access for remote workers. This forced journalists and other staff to return to L'Équipe's offices in Boulogne-Billancourt for work. Operational disruptions included the prolonged inoperability of professional email systems across the group, requiring reporters in the field to submit articles through a single-purpose temporary inbox. Editorial teams faced severe challenges, with some newspaper editions finalized under extreme conditions in evening shifts. Employees resorted to USB drives for document storage as an interim measure. The organization temporarily reverted to an older back-office publishing system for its website, deeming the newer software potentially compromised.

Groupe Amaury engaged French state cybersecurity services to regain control of its systems without paying the ransom, leading to gradual restoration of network security by early March 2022. Staff representatives called an emergency meeting due to concerns over degraded working conditions and potential data leaks, culminating in a social and economic committee meeting to address these issues. The company planned to file a legal complaint against unidentified perpetrators. This incident followed a 2019 ransomware attack on French media group M6, which had similarly disrupted operations. Internal email functionality was eventually restored, though the full scope of data exposure remained unconfirmed in initial reports.