Cyber Incident Victim: Ville de Lorient

On Monday 10 March 2025 the Ville de Lorient issued a communiqué informing the public that its services had been victims of a cyberattack. The communiqué stated that the municipality had been informed of a computer attack that allowed the theft of a list containing professional information relating to municipal agents. The attack was discovered prior to the issuance of the communiqué, though the exact date of detection is not specified in the source. The Ville de Lorient confirmed that the incident was reported to them as a security breach affecting internal data. Following the discovery, the city prepared a public statement to alert users and stakeholders.

The stolen data consisted of names, first names, professional email addresses, and functions of agents employed by the Ville de Lorient and the Centre communal d’action sociale (CCAS). The communiqué emphasized that the municipal services continued to operate normally and that the incident did not disrupt the functioning of any public service. However, the information that was exfiltrated was noted to be available on the Internet, which could enable malicious actors to reuse it. The city warned that the identity and email addresses of the agents could be used for purposes such as bank fraud.

In response, the Ville de Lorient called on users to exercise the greatest vigilance regarding any correspondence that might appear fraudulent. It advised that, at the slightest doubt, individuals should contact the general switchboard of the town hall at 02 97 02 22 00 or reach out directly to the person concerned if prior exchanges had occurred. Suspicious emails could also be forwarded to the address [email protected] for verification of their origin. Additionally, the municipality filed a formal complaint and mobilized its IT service to identify the origin of the attack and to implement all necessary security measures.