Cyber Incident Victim: Aventure et Volcans

On or around May 1, 2023, the travel company Aventure et Volcans became the victim of a malicious act that affected its entire computer system. This act of malfeasance caused a significant and immediate disruption to the company's operations. The incident rendered the firm's online reservation system completely non-operational, leading to the temporary unavailability of online registration for its travel services. The company characterized the event as a serious compromise of its information technology infrastructure, necessitating an immediate and comprehensive response to manage the fallout and secure its systems.

In response to the discovery of the incident, Aventure et Volcans took immediate measures to limit the damage caused by the attack. A primary stated objective of this initial response was to protect customer data from further exposure or misuse. The company engaged external information technology experts to assist in analyzing the breach, containing its effects, and beginning the process of remediation and recovery. This collaboration was part of an active effort to resolve the situation in the shortest possible time frame and restore normal business functions.

The impact on business operations was severe and multifaceted. The most direct consequence was the loss of the online booking capability, a critical channel for customer acquisition and service delivery. This forced the company to revert to manual, telephone-based processes to continue accepting customer registrations for its trips. To facilitate this, Aventure et Volcans publicly provided its customer service telephone number, 04 78 60 51 11, and assured clients that its team remained available to guide them through the registration process and answer all questions despite the exceptional circumstances. The company emphasized its continued availability through both telephone and email, acknowledging the significant inconvenience caused to its clientele while striving to maintain service continuity.

Through its official communications, both on its website and via a detailed Facebook post, the company provided a preliminary assessment of the recovery timeline. Due to the complexity of the incident and the extensive work required to fully restore its services, Aventure et Volcans anticipated that the disruptive situation would persist for an extended period, projecting a return to full operational capacity around the beginning of June 2023. This projection indicated an expected downtime of approximately one month, underscoring the severity of the system compromise and the scale of the restoration effort needed.

The company's communications strategy focused on transparency and customer reassurance. It directly informed its clients about the nature of the event, labeling it a malicious act, and outlined the concrete steps being taken to address it. Aventure et Volcans expressed sincere apologies for the inconvenience caused and thanked its customers for their understanding and support during the difficult period. The company also committed to keeping its clientele informed of any new developments or changes as the situation evolved, demonstrating an effort to manage customer relations proactively throughout the crisis. The operational impacts were confined to the unavailability of specific digital services; the company's ability to communicate and conduct business via telephone and email remained functional, allowing it to maintain a degree of customer interaction and service provision while its core reservation platform was offline. The incident did not result in a complete cessation of business activities but rather a significant degradation of automated services, necessitating a labor-intensive workaround to process bookings manually. The full scope of the attack, including whether any specific data was exfiltrated or compromised, was not detailed in the available public statements, which focused instead on the immediate operational disruption and the response efforts underway to guarantee data protection and system restoration. The work with IT experts continued throughout the incident period, focused on the dual objectives of securing the compromised systems and meticulously working to rebuild and restore the affected functionalities to a fully operational state. The primary consequence remained the prolonged interruption of its online sales channel, a critical component of its business model, for a duration of several weeks.