Centre public d'Action sociale de Charleroi

The Centre public d'Action sociale de Charleroi (CPAS Charleroi) is a public social action center operating in Charleroi, Belgium. As a municipal public institution, its core mandate is to provide essential social services and support to the residents of its jurisdiction. This typically includes assistance with social welfare, financial aid, housing support, and access to healthcare for vulnerable populations. The organization serves as a key local interface for social security and public solidarity, implementing regional and national social policies at the community level. Its activities are fundamentally oriented toward social inclusion, poverty alleviation, and the protection of disadvantaged individuals and families within the Charleroi area. The CPAS functions as an autonomous public body under Belgian law, governed by a board representing the municipal council, and operates with a degree of administrative and financial independence while remaining accountable to local and regional authorities. Its work is integral to the municipal social safety net, complementing other public services and often acting as a last-resort support system for citizens in need.

On August 21, 2023, the CPAS de Charleroi experienced a significant cyberattack that directly targeted and paralyzed its internal computer network. This incident caused a severe disruption to its normal administrative and operational processes, though all physical service points reportedly remained open to the public. The attack forced staff to revert to entirely manual procedures for critical functions, most notably the processing and execution of payments to beneficiaries and service providers, highlighting the organization's heavy reliance on digital systems for core financial operations. A primary concern following the attack was the potential compromise of a wide range of personal data stored within the affected systems, including sensitive information pertaining to the individuals the CPAS serves. At the time of the initial reports, no confirmed data breach or exfiltration had been publicly verified, though the possibility remained under active investigation. In response, the organization's management immediately implemented alternative communication channels to maintain contact with the public and partners while technical teams worked to contain the incident and restore system functionality. An official investigation was launched to determine the attack's origin, scope, and full impact, with the CPAS coordinating with relevant cybersecurity and judicial authorities. The recovery process involved a gradual and careful restoration of IT services to ensure their security before full operational reliance was resumed, underscoring the critical importance of digital resilience for public service institutions handling sensitive citizen data.