Cyberattack of which Chronopost was the victim at the end of January resulted in a sensitive data theft for many customers, including postal and signatures. A first that exposes to great dangers.
The black series continues. After Free, SFR, LDLC, Kiabi, Auchan, Leclerc, Norauto, Picard or Thermomix a few days ago, it is Chronopost’s turn to be a piracy. On January 29, the parcel delivery company was indeed the target of a large -scale cyber attack that exhibited personal data of some 210,000 customers. This new incident is particularly worrying due to the specific nature of stolen information. Chronopost reacted quickly, declaring the closed incident after rapid intervention, but the consequences for customers could last much longer.
In fact, stolen data include personal information such as names, first names, postal addresses, telephone numbers but also, in some cases, the signatures affixed during deliveries. These signatures constitute a centerpiece in the authentication of parcel receptions. Their compromise represents a significant risk, as they can be used to falsify documents, authorize transactions or validate contracts. Unlike other stolen information, a digital signature can serve as proof of consent in legal or financial contexts, making this flight particularly serious.
The company officially warned its customers in an email sent shortly after the incident. “”Chronopost announces that you were the victim on 01/29/2025 of an incident that led to a flight of part of your personal data. This incident, which is not linked to a ransom, has been mastered as soon as it is aware and is now enclosed. The National Commission for Data Protection (CNIL) has been notified within the time limits. Chronopost immediately opened and conducted an investigation with the help of cybersecurity experts. This survey confirmed that the data concerned is: your name, first name and in some cases your telephone number, postal address and signature as appropriate on our delivery evidence. In order to ensure that this type of incident cannot reproduce, we have strengthened our systems, in particular by improving the security of the impacted application and our response to suspicious events “explains the message.
Piracy Chronopost: Unpublished risks for ELS Customers
But if Chronopost announces that it has strengthened the safety of its systems to avoid future incidents, the risk for users currently impacted is very real. Indeed, stolen information, and in particular signatures, can be used by cybercriminals to set up developed scams. Cybersecurity experts warn that one could attend an upsurge in attempts at phishing (phishing), particularly targeted. These scams would consist in pretending to be Chronopost or another entity by sending fraudulent messages requesting a payment to finalize the delivery of a package or pay customs fees. The use of authentic signatures would make these scams more credible in the eyes of the victims.
Chronopost also advised its customers to remain extremely vigilant in the face of any suspicious solicitation by e-mail or SMS. The company recommends not clicking on unaccounts and always check the requests directly on its official website. In his message, Chronopost apologized for the inconvenience caused, while recalling that she was available to respond to the concerns of her customers.
Caution is therefore in order for the consumers concerned. In addition to vigilance in the face of phishing attempts, it is recommended to closely monitor bank accounts and report any suspicious activity to your bank. Activation of two -factor authentication on online accounts and regular verification of personal information is essential measures to limit the risk of identity theft.