Cyber Incident Victim: CNFPT
Date:
Jul 2025
Location:
France
Summary
The CNFPT experienced a cyberattack compromising its intervenant platform, resulting in unauthorized access to personal data including documents uploaded since 2022, with pre-2022 materials largely unaffected except for CVs. The organization promptly shut down the platform, notified affected individuals via email, established a dedicated support channel, and reported the breach to relevant authorities. Following security enhancements, the platform partially reopened in September before resuming full operations. An investigation remains ongoing to determine the exact scope and nature of the exfiltrated data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 4, 2025, the French National Center for Territorial Public Service (CNFPT) identified a cyberattack targeting its intervenant.cnfpt.fr platform, a dedicated portal for external trainers and contributors. The attackers gained unauthorized access to personal data belonging to individuals registered on the platform, specifically compromising documents uploaded by users since 2022. Pre-2022 documents remained inaccessible through the platform interface except for CVs, which were not affected by this limitation. CNFPT immediately disabled the compromised platform following the intrusion, rendering it fully inaccessible by July 9, 2025, as confirmed in their public communications. The organization initiated forensic investigations to determine the exact nature and scope of the stolen personal data, emphasizing that this analysis was ongoing at the time of their July 9 statement. CNFPT notified France's National Commission on Informatics and Liberty (CNIL) and the National Agency for Information Systems Security (ANSSI) about the data breach in compliance with regulatory requirements. Affected individuals received direct email notifications detailing the incident and recommended protective measures, while CNFPT established a dedicated response team and support email address to handle inquiries from impacted parties.
Security remediation efforts continued throughout summer 2025, culminating in the partial reopening of the intervenants platform on September 22. Full restoration of 24/7 platform access was achieved following comprehensive security upgrades, with CNFPT maintaining a continuously updated FAQ section through at least December 9, 2025, to address user concerns. The confirmed impact remained limited to documents uploaded since 2022, with no evidence of compromise to historical records predating that year beyond CV accessibility. No ransomware claims or financial motives were disclosed in available communications, and CNFPT's public statements focused exclusively on unauthorized data access rather than system encryption or destruction. The organization maintained operational continuity for non-platform services throughout the incident, with restoration timelines indicating approximately eleven weeks of partial or full platform unavailability affecting user access and document submission capabilities.