French telecom company La Poste Mobile struggling to recover from ransomware attack

French mobile phone network La Poste Mobile is still struggling to recover from a ransomware attack that has crippled its administrative and management services. 

The company’s website is down, with a lengthy message to customers explaining that the ransomware attack began on July 4. While service has not been affected, the company noted that customer data may have been accessed. 

“As soon as we became aware of this incident, we took the necessary protective measures by immediately suspending the computer systems concerned. This protective action has led us to temporarily close our website and our customer area,” the company said. 

“Our IT teams are currently diagnosing the situation. Our first analyses establish that our servers essential to the operation of your mobile line have been well protected. On the other hand, it is possible that files present in the computers of La Poste Mobile employees have been affected. Some of them may contain personal data.”

The company urged customers to be wary of phishing messages or attempts at identity theft. Officials said customer service email addresses and phone numbers are still functioning.


A screenshot of the message that replaced the company's website.

The company has more than 1.8 million customers and was founded in 2011 by French postal service group La Poste and French telecommunications company SFR. The company brought in a revenue of about $517 million last year. 

La Poste Mobile is a Mobile Virtual Network Operator, which are telecommunication providers that don’t own a network. It operates using SFR’s network. They offer a variety of services including prepaid phone credit, mobile phone plans and conventional phone packages.

On Friday, the LockBit ransomware group added the company to its list of victims. Two weeks ago, the ransomware gang introduced a revamped version of its tools, calling it “LockBit 3.0.”

Cybersecurity researchers have tracked a surge in LockBit activity over the last several months, and the group is poised to overtake Conti as the most prolific ransomware group in terms of publicly identified victims. 

Recent incidents attributed to the group include attacks on a Foxconn factory, a Canadian fighter jet training company, and a popular German library service.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.