French telecoms operator La Poste Mobile has alerted customers that their data may have been compromised in a ransomware attack that targeted the company’s management and administrative systems on 4th July.
The attack is believed to have been carried out by the LockBit ransomware group. The hackers took the company’s systems offline as it attempted to minimise damage. A week later, its website is still offline and visitors are greeted by a statement in French warning customers to be wary of cyberattacks.
The statement reads: “Our initial analysis shows that our servers, which are essential to the operation of your mobile line, have been well protected. However, it is possible that files on the computers of La Poste Mobile employees have been affected. Some of these files may contain personal data.”
“This protective action (taking systems offline) led us to temporarily close our website and our customer area. We are obviously sorry that this may cause some inconvenience in your relationship with La Poste Mobile for a few days. Our IT teams are currently diagnosing the situation.”
La Poste Mobile is a French mobile virtual network operator with close to 2 million customers in France. In 2021, it reported revenues of over $500m. It was founded by the French telecommunications company SFR and French Postal service group La poste and operates its mobile services on SRF’s network.
The company have asked its customers to be on the lookout for phishing attempts or suspicious activity related to personal information that hackers could have accessed. The mobile service continues to operate.
The statement said, “La Poste Mobile invites its customers to be vigilant, in particular by monitoring any attempt at phishing and/or identity theft, and will of course keep them informed of the lessons learned from the ongoing investigations. Our teams are fully committed to resolving this situation as quickly as possible.”
The LockBit group is currently one of the most prolific ransomware-as-a-service (RaaS) groups, since it was first identified in 2019. It sells its software to third-party criminals who use it in return for a share of the profits.