French telecoms operator La Poste Mobile has alerted customers that their data may have been compromised in a ransomware attack that targeted the company’s administrative and management systems on July 4.
The attack, believed to have been carried out by the LockBit ransomware group, took the company’s systems offline as it attempted to minimize damage. Seven days later, its website is still offline and visitors are greeted by a statement in French telling customers to be wary of targeted cyber-attacks.
“Our initial analysis shows that our servers, which are essential to the operation of your mobile line, have been well protected. However, it is possible that files on the computers of La Poste Mobile employees have been affected. Some of these files may contain personal data,” said the statement.
“This protective action (taking systems offline) led us to temporarily close our website and our customer area. We are obviously sorry that this may cause some inconvenience in your relationship with La Poste Mobile for a few days. Our IT teams are currently diagnosing the situation.”
La Poste Mobile is a mobile virtual network operator with close to 2 million customers in France and reported revenues of over $500m in 2021. It was founded by French Postal service group La Poste and French telecommunications company SFR and operates its mobile services on SFR’s network.
While La Poste Mobile’s mobile services continue to operate, it has asked customers to be on the lookout for phishing attempts or suspicious activity related to personal information the attackers may have accessed.
“La Poste Mobile invites its customers to be vigilant, in particular by monitoring any attempt at phishing and/or identity theft, and will of course keep them informed of the lessons learned from the ongoing investigations. Our teams are fully committed to resolving this situation as quickly as possible,” it said in its statement.
The LockBit group was first identified in 2019 and has become one of the most prolific groups to offer ransomware-as-a-service. It sells its software to third-party criminals who deploy it in return for a share of the profits.
In a recent report, cybersecurity company NCC Group said that LockBit was responsible for around 40% of ransomware attacks it saw in May 2022.