Major Cyberattack Targets La Poste Amid Holiday Rush, Highlighting French Digital Security Concerns

On December 22 and 23, 2025, La Poste, France’s national postal service, suffered a significant cyberattack that disrupted its online services during the busy holiday period. The attack was characterized as a 'denial of service,' which overwhelmed La Poste's websites and applications with targeted requests, causing instability and temporary inaccessibility. Despite the disruption, La Poste confirmed that no sensitive data was stolen and that mail and parcel deliveries, including during the critical year-end shipment peak involving about 180 million parcels, continued as usual. While some banking services linked to La Poste experienced slowdowns, physical post offices remained operational.

The Paris prosecutor's office promptly launched an investigation into the incident, focusing on obstruction of automated data processing systems. The national cyber unit and the Directorate-General for Internal Security (DGSI) have been assigned to the case. La Poste filed a complaint the same day, emphasizing that the attack did not compromise sensitive information.

A hacker group identifying as NoName057 claimed responsibility via Telegram, referencing a specific La Poste digital domain; however, investigators and cybersecurity experts have urged caution toward these claims due to a lack of evidence and the group’s history of opportunistic declarations. Cybersecurity analyst Adrien Merveille described the attack as large-scale and critically timed just days before Christmas, which prompted heightened public attention.

This incident underscores growing concerns regarding France's digital sovereignty and cybersecurity preparedness. Guillaume Bigot, a deputy from the National Rally party, criticized the French government for its failure to adequately protect critical national digital infrastructure, pointing to the rising frequency and severity of cyberattacks. Bigot emphasized the financial and societal costs, recalling previous breaches affecting millions of French citizens’ data at companies like Viamedis, Almerys, and Free.

Experts and politicians alike advocate for strengthening France's cybersecurity measures, including mandatory national hosting of sensitive data and enhancing the operational capacity of cybersecurity agencies such as ANSSI, DGSI, and DGSE. The call for a robust French digital industry aims to reclaim technological and national sovereignty in light of increasing digital threats.

As the investigation continues, La Poste and French authorities remain vigilant in securing digital systems and maintaining service continuity ahead of the holiday season’s end.