Cyber Incident Victim: La Poste Mobile
Date:
Jul 2022
Location:
France
Summary
A French telecommunications provider experienced a ransomware attack that disrupted its administrative and management systems, forcing the temporary suspension of its website and customer portal. While mobile services remained operational, employee computer files potentially containing personal data may have been compromised. The company implemented protective measures upon detecting the incident and advised customers to remain vigilant against phishing attempts. The LockBit ransomware group claimed responsibility for the attack, adding the organization to its list of victims amid a broader surge in activity by the threat actor. The incident impacted a Mobile Virtual Network Operator serving over 1.8 million subscribers through another carrier's infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 4, 2022, French telecommunications provider La Poste Mobile suffered a ransomware attack that disrupted its administrative and management systems, forcing the temporary shutdown of its website and customer portal. The company, which operates as a Mobile Virtual Network Operator using SFR’s infrastructure and serves over 1.8 million subscribers, immediately suspended affected computer systems upon detecting the incident to contain the breach. While core mobile services remained operational, the attack compromised employee workstations, potentially exposing files containing customer personal data. La Poste Mobile issued a public statement confirming the intrusion and advising vigilance against phishing or identity theft attempts, though it maintained that customer service phone lines and email support remained functional. Initial forensic analysis indicated that servers critical to mobile network operations were secured, but the attackers likely accessed less protected employee systems housing business documents and customer information.
The LockBit ransomware group claimed responsibility for the attack on July 8, 2022, listing La Poste Mobile on its leak site amid a broader surge in activity following the release of its upgraded "LockBit 3.0" ransomware variant. The incident impacted internal corporate systems rather than telecommunications infrastructure, preventing service interruptions but crippling customer-facing administrative functions like online account management. La Poste Mobile’s IT teams conducted ongoing diagnostics to assess data compromise while restoring systems, acknowledging that financial documents and customer records on employee devices were vulnerable. The company, which reported approximately $517 million in annual revenue prior to the attack, faced operational challenges in managing customer communications and transactions through alternative channels during recovery. LockBit’s involvement aligned with its pattern of high-profile attacks against multinational corporations, positioning the group to surpass Conti as the most active ransomware operation at the time.