What happened
France’s national postal service, La Poste, and its banking arm, La Banque Postale, were hit by a significant cyberattack, reportedly a distributed denial-of-service (DDoS) incident that knocked multiple digital systems offline on Monday, Dec. 22, 2025, at the height of the Christmas rush. The outage rendered key online services, such as websites, mobile apps, digital identity services, and parcel tracking, inaccessible for many customers. Core functions such as ATM withdrawals, in‑store card payments, and certain SMS‑authenticated banking services continued to operate, but digital access and automated processes were widely disrupted.
Who is affected
- La Poste customers nationwide: online postal services, package tracking, and internal systems were disrupted.
- La Banque Postale clients: mobile and online banking access was interrupted, with approvals rerouted to SMS‑based authentication.
- Millions of individuals and businesses relying on France’s postal and banking infrastructure, especially during one of the busiest periods of the year.
Why CISOs should care
This incident underscores how even non‑financial critical infrastructure, like postal and delivery systems, can be weaponized through volumetric attacks to cause operational paralysis and reputational damage. For CISOs, it highlights the cascading impact of service disruptions on customer trust, supply chain continuity, and national critical services. The attack also comes amid a broader landscape of cyber incidents in France, including recent compromises of government ministries, suggesting that threat actors may target public‑facing ecosystems during peak operational stresses.
3 practical actions
- Stress‑test and scale DDoS defenses: Ensure your organization has robust, scalable mitigation (including third‑party services and traffic filtering) to absorb sudden spikes in malicious traffic without service degradation.
- Review business continuity plans: Validate that manual workarounds, backup systems, and offline procedures are well‑documented and rehearsed for high‑impact disruption scenarios.
- Monitor threat activity and intelligence: Track sector‑specific threats and emerging attack patterns, especially during peak operational windows, to adapt defensive postures in real time.