
Cyber Incident Victim: Ville de Bouchemaine

Date: Jun 2023

Location: France

Summary

The town of Bouchemaine suffered an intrusion into its information systems over a weekend, impacting the functioning of municipal services. A technical diagnosis to determine the origin and severity of the attack was ongoing. Temporary email addresses were established for all municipal departments to maintain public services while citizens were warned of potential risks from suspicious emails purporting to be from the town.

Description

An intrusion into the information system of the Town of Bouchemaine occurred during the weekend of June 17-18, 2023. The incident was publicly announced by the town on its official website on June 18, 2023, and later confirmed in a press release on Tuesday, June 20, 2023. The attack had confirmed impacts on the functioning of municipal services, though the full scope and nature of these operational disruptions were not detailed in the initial communications.

Immediately following the discovery of the intrusion, the town's response team implemented security measures to protect data. These initial actions were focused on containment and securing the compromised systems to prevent further unauthorized access and potential data exfiltration. A technical diagnostic process was initiated to determine the precise origin of the attack and to fully assess the severity of the breach. As of the initial announcement on June 18th, this forensic investigation was still ongoing, indicating the complexity of the incident.

A significant consequence of the attack was the compromise of the town's official email communication channels, which utilized the ville-bouchemaine.fr domain. In response, the municipality established a comprehensive set of temporary Gmail addresses for each of its major departments to ensure the continuity of public services and maintain lines of communication with citizens. These temporary contact points were created for the following services: General Administration, Civil Registry, and Elections; the Communal Center for Social Action (CCAS); Accounting and Finance; Education and Youth Administration; the Château School; the Petit Vivier School; Notre-Dame Catering; the Leisure Center (ALSH); the Early Childhood Relay (RPE); the Media Library; Technical Services; Culture, Tourism, Events, and Communication; Associations and Sport; and Urban Planning. This measure was a critical step in maintaining public service operations while the primary email system was deemed untrustworthy or inoperative.

The town issued a specific warning to the public regarding the heightened risk of receiving suspicious emails purporting to be from its services. Due to the nature of the intrusion, there was a credible threat that attackers could leverage the compromised system to send malicious communications from legitimate-looking @ville-bouchemaine.fr addresses. Citizens were instructed to exercise extreme caution and were provided with a clear set of directives should they receive such a message. The instructions were to not reply to the email, not open any attachments, not click on any links within the email, and not provide any codes or passwords. Furthermore, recipients were directed to report any suspicious emails to the French government's cybersecurity website, cybermalveillance.gouv.fr, which is the official platform for assisting victims of malicious cyber activity.

Throughout the response, the town committed to maintaining all public services despite the ongoing technical challenges posed by the cyberattack. The municipality also established a communication plan to keep residents and stakeholders informed of the situation's evolution. The primary channels for these updates were announced as the official town website, https://www.ville-bouchemaine.fr, and public notices posted around the commune. The initial article from the town's homepage served as the first point of official information, and it was subsequently picked up by regional press, including Ouest-France, which reported on the incident on June 18th, confirming the attack on the municipality near Angers in the Maine-et-Loire department. The technical investigation continued beyond the initial announcements as officials worked to fully understand the attack vector, the extent of any data compromise, and to implement permanent remediation measures to restore the security of the town's information systems.
