La Poste outage after a cyber attack disrupts digital banking and online services
December 24, 2025
La Poste said a major network incident took its systems offline, disrupting digital banking and online services for millions of users.
The French national postal service La Poste confirmed a major cyber incident had knocked its information systems offline, disrupting digital banking and online services for millions of customers.
On social media, La Poste said the disruption temporarily rendered several platforms inaccessible, including its main website, mobile app, digital identity service, and the Digiposte document storage platform.
Some post office locations experienced service disruptions, though officials said customers could still conduct banking and postal transactions at service counters. The company confirmed that its online services: La Banque Postale online and the mobile app, laposte.fr, Digiposte, La Poste Digital Identity, and the La Poste application are temporarily inaccessible.
Some post offices may see temporary service disruptions, but counter services remain available as teams work to restore normal operations quickly. Banking customers can still make online payments with SMS authentication, withdraw cash, pay by card in stores, and use WERO transfers.
“A major network incident is currently disrupting all of our information systems.
Our online services: La Banque Postale online and the mobile app, laposte.fr, Digiposte, La Poste Digital Identity, and the La Poste application are temporarily inaccessible.” reads the statement published on Facebook.
“In some post offices, service may be temporarily degraded. However, it is possible to carry out your banking and postal operations at the counter. Our teams are fully mobilized to restore the situation as soon as possible and ensure a return to normal as quickly as possible.”
At this time, La Poste’s website is still down.
La Poste has not shared technical details about the cyber incident, but French media reports that the company was a victim of a massive DDoS attack.
“La Poste said in a statement that a distributed denial of service incident, or DDoS, “rendered its online services inaccessible.” It said the incident had no impact on customer data, but disrupted package and mail delivery. There was no immediate claim of responsibility.” states Le Monde.
The outage followed a recent cyberattack on France’s Interior Ministry, where a suspected hacker accessed sensitive police data; a 22-year-old was detained.
The French Interior Minister Laurent Nunez announced on Friday that threat actors compromised email servers at the Ministry of the Interior.
The attack was detected overnight between December 11 and 12, and according to the French interior minister, attackers gained access to some document files, though data theft remains unconfirmed.
“There has been a cyber attack. An attacker was able to access a number of files … there is no evidence that they were seriously compromised,” Nunez told RTL radio.
Nunez added that the government launched an investigation into the incident, which is still ongoing.
“We have no evidence of serious compromises. We are investigating, both judicially, and above all, we have strengthened our level of security. The access procedures to the information system for all our agents have been tightened,” he added.
The French Interior Minister did not share technical details about the attacks.
In response to the security breach, the ministry tightened security and reinforced access controls across its information systems in response.
Authorities are exploring all scenarios for the cyberattack, including foreign interference, hacktivism, or cybercrime, as an investigation seeks to determine its origin.
In April, the French government attributed a four-year hacking campaign targeting a dozen French entities to the Russia-nexus group APT28. The Russia-linked APT28 group targeted or compromised a dozen government organizations and other French entities, the French Government revealed. In 2024, it was observed attacking OT organizations and linked to cyberattacks on 60 entities in Asia and Europe.
Since 2021, APT28 has targeted or compromised French ministerial bodies, local governments, DTIB, aerospace, research, think-tanks, and financial entities. In 2024, attacks primarily focused on governmental, diplomatic, and research sectors, with some campaigns specifically hitting French government organizations.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, France)