What we feared the most has happened! Following the huge cyberattack suffered by La Poste Mobile in July, the personal data of more than 500,000 customers are now freely circulating on the Internet…
The worst constraints concerning the July attack on La Poste Mobile have come true. The service had been the victim of a cyberattack by the hacker group Lockbit, which forced the group to shut down their website for 10 days. The hackers then demanded a ransom, which the French group refused to pay. In retaliation, a file containing the stolen data was published. Indeed, the cybersecurity specialists of Zataz have spotted four hacker spaces that are disseminating the stolen data – data that has been classified and sorted. The 64 MB compressed file contains no less than 533,000 customer data, including first and last names, bank account numbers (IBAN), dates of birth, email addresses, gender, identities, telephone numbers and even physical addresses. La Poste Mobile insists on one point: no bank card number or identity document has been disclosed. The number of customers affected by this data theft is still unknown.
La Poste Mobile: a site paralyzed for 10 days
On Friday July 8, La Poste Mobile customers could no longer access the operator’s online services. “The administrative and management services of La Poste Mobile were victims, on Monday July 4, of a malicious ransomware-type virus.explained the company in his press releasebefore confessing that he was “possible that files present in the computers of La Poste Mobile employees have been affected. Some of them may contain personal datal”, such as surnames, first names, cities, telephone numbers, e-mail addresses and identifiers. Moreover, cybersecurity expert Dominic Alvieri had claimed on his Twitter account to have spotted the announcement of the publication of personal data related to hacking, screenshots in support.The theft would affect more than 1.5 million customers of the operator – out of a total of around 1.8 million.
Recall that a Ransomware is malware that blocks access to computers or files by encrypting them – encrypting them to make them unreadable. The hackers behind this kind of attack then demand a ransom to return control to their victims – most often companies, administrations, organizations and institutions. In the case of La Poste Mobile, the attack was claimed on the night of Thursday July 7 to Friday July 8 by Lockbit, a group of hackers specializing in ransomware and computer intrusion. Their modus operandi is always the same: the hackers start by disrupting the operations of their target – here, the website was paralyzed for 10 days – in order to steal data. Then they try to blackmail their victim: unless they collect a ransom, they will publish the sensitive data on the Internet. An extortion that La Poste Mobile obviously refused… The attack took place in a particularly sensitive context, due to the war between Russia and Ukraine. Indeed, these hackers systematically prevent their viruses from attacking computers located in Russia or in Russian-speaking countries, which could reflect a link between the two.
A call for the utmost caution
Following the cyberattack, La Poste Mobile revealed that it had suspended “the computer systems concerned immediately“as soon as she found out about the attack.”This protective action has led us to temporarily close our website and our customer area.“, explained La Poste. This measure was to prevent hackers from stealing sensitive data.
It is therefore necessary to be particularly vigilant because, since the personal data having been published on the Internet, they can be used for phishing campaigns – which consist in sending false messages to recover banking or personal data –, for targeted attacks against people with positions of responsibility in companies, and even for identity theft. So be careful. It is strongly recommended not to use the same password on several websites or online services because, if hackers manage to seize the password of a La Poste Mobile account, they can easily try their luck and hitting the victim’s other accounts – orders via an Amazon account, streaming services, mailboxes, etc. Similarly, you should never communicate your access or banking information via e-mail, post or telephone. And in case of the slightest doubt, it is better to check that the password has not been compromised (see our practical sheet).