Public Social Action Center of Mouscron

The Public Social Action Center of Mouscron, commonly known as CPAS Mouscron, operates as a municipal social services institution in Mouscron, Belgium. Its core mandate involves the administration and delivery of essential social welfare programs to residents within its jurisdiction. This includes the management of beneficiary records, the coordination of case follow-ups for individuals and families requiring support, and the oversight of services related to nursing home resident care. The organization facilitates critical functions such as payment processing for social benefits and services, and it maintains digital agendas for scheduling appointments and managing client interactions. These operations place it at the forefront of local public social assistance, directly interfacing with vulnerable populations to provide aid and manage their cases. The institution's work is fundamentally tied to the secure and efficient handling of sensitive personal data, including financial and health-related information for its beneficiaries. Its services are indispensable for the social safety net within the Mouscron community, ensuring that aid is distributed and that care arrangements for elderly or dependent residents are maintained.

In September 2022, CPAS Mouscron experienced a severe cyberattack that resulted in the complete paralysis of its information technology systems. This incident disabled all digital agendas, halted payment processing mechanisms, and blocked access to electronic beneficiary records and nursing home resident files. The disruption rendered the organization incapable of conducting any case follow-ups or routine administrative tasks, effectively grounding its core social service operations. The anticipated duration of the outage was at least four days, a period during which the institution was forced to instruct all individuals with scheduled appointments to postpone their meetings by contacting a designated phone number. The attackers claimed responsibility for the breach but did not issue a ransom demand, a detail noted in reports of the event. This attack starkly demonstrated the organization's heavy reliance on integrated IT infrastructure for its daily functions and the profound operational vulnerability that such a dependency creates. The incident underscored the critical nature of its data holdings and the potential for significant public service interruption following a cybersecurity breach. The need to revert to manual, phone-based communication for appointment management highlighted the scale of the digital systems failure and its immediate impact on both staff and the public seeking assistance.