French postal and banking services faced fresh disruptions on Thursday, January 1, 2026, following a cyberattack that temporarily rendered the websites and mobile applications of La Poste and La Banque Postale largely inaccessible, according to reports from French radio RFI.
A message on the La Poste homepage confirmed the situation, stating: “The laposte.fr website and all of La Poste’s information systems are currently facing a cyberattack.” Similarly, the online and mobile banking platforms of La Banque Postale, the post office’s banking arm, experienced downtime, preventing many customers from accessing services.
Repeated Denial-of-Service Attack on La Poste and La Banque Postale
This incident follows a previous denial-of-service (DDoS) attack that began on December 22, 2025, and continued until December 26. The earlier attack, which overloads servers to slow or block access, disrupted customers’ ability to track parcels but did not affect deliveries, which continued as normal.
Authorities confirmed that the pro-Russian hacker group NoName057(16) claimed responsibility for the December attack. La Poste filed a formal complaint, emphasizing that no customer data had been compromised, as denial-of-service attacks do not constitute unauthorized intrusion into information systems.
Investigations and Security Response
The Paris prosecutor’s office has opened an investigation into the latest La Poste cyberattack, delegating the case to the General Directorate for Internal Security (DGSI) and the national cyber unit. Authorities confirmed that the hacker group NoName057(16) had publicly claimed responsibility for the disruption.
The group, which emerged in 2022 after Russia invaded Ukraine, has previously targeted Ukrainian media, as well as government and corporate websites in countries including Poland, Sweden, and Germany.
Operational Impacts
During both attacks, digital access to La Poste services was limited, forcing some post offices to operate at reduced capacity. Despite the disruptions, customers were able to carry out essential postal services and banking transactions at physical locations.
La Poste communicated via Twitter that its teams were “fully mobilized to restore services as quickly as possible,” emphasizing that parcel deliveries continued and remediation efforts were ongoing.
Meanwhile, La Banque Postale acknowledged the cyberattack on social media, explaining: “A computer incident has temporarily made our mobile app and online banking inaccessible. Our teams are working to resolve the situation as quickly as possible. Online payments are possible with SMS authentication.”
Card payments at in-store terminals, ATM withdrawals, and SMS-authenticated online transactions remained functional, mitigating the overall impact on day-to-day financial activity.
Context of Cyber Incidents in France
The La Poste cyberattack comes amid a series of recent cyber incidents affecting public institutions in France. On December 17, 2025, authorities arrested a 22-year-old man in connection with a breach of France’s Interior Ministry, which involved unauthorized access to email accounts and confidential documents. The suspect faces potential prison time of up to 10 years.
Earlier, in November 2025, the French Football Federation reported a breach in which attackers exploited stolen credentials to access membership management software, exposing personal data of registered players nationwide.
While La Poste has not publicly attributed the latest cyberattack to a specific threat actor, the recurring incidents highlight the growing challenge of protecting critical public and financial infrastructure in France from denial-of-service attacks and other cyber threats.
The attacks on La Poste and La Banque Postale highlight the vulnerability of postal and banking services to cyberattacks. No customer data was compromised, but online and mobile services were disrupted. Authorities, including the DGSI, are investigating, while both organizations work to restore full digital access. Customers should follow official channels for service updates.