January 6, 2023: Customer Data Breach at KLM and Air France

Air France and KLM have informed Flying Blue customers that some of their personal information was exposed after their accounts were breached. Air France and KLM confirmed the data breach in a statement sent to BleepingComputer and said that customers' sensitive data, such as passport or credit card numbers, was not exposed. The two airlines said that they also reported the incident to their countries' data protection authorities.

Flying Blue is a loyalty program allowing clients of multiple airlines, including Air France, KLM, Transavia, Aircalin, Kenya Airways, and TAROM, to exchange loyalty points for various rewards.

October 17, 2022: Cyberattack at Global Wholesale Company METRO

International wholesale giant METRO is experiencing infrastructure outages and store payment issues following a recent cyberattack.

The company's IT team is currently investigating the incident with the help of external experts. Even though its stores are still operating, METRO says that it was forced to set up offline payment systems and that online orders are delayed.

August 15, 2022: Hive Ransomware Group Attacks International French Clothing Stores

Damart, a French clothing company is being extorted for $2 million after a cyberattack from the Hive ransomware gang. Damart operates over 130 stores across the world.

The threat actors haven't posted the victim on their extortion site, opting to keep negotiations private. Damart has not engaged in negotiations with the cybercriminals. The company informed the national police of the incident, which makes it unlikely that Hive would receive a payment.

June 27, 2017: Saint-Gobain, a Major European Building Supply Maker Suffers NotPetya Cyberattack

French construction giant Saint-Gobain said Thursday, July 13, that it had restored all systems affected by the start of the week after the attack. The company said the attack led to downtime of IT systems and supply chain disruptions and claimed that no personal data had been lost. The NotPetya attack has had a negative impact of €220 million ($258 million) on sales and €65 million ($76 million) on operating income in the first half of 2017. Until the end of the year, total losses are expected to rise to €330 million ($387 million).

August 29, 2022: $10 Million Ransom Demand Disables French Hospital – Patients Send Elsewhere.

The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries. CHSF serves an area of 600,000 inhabitants, so any disruption in its operations can endanger the health, and even lives, of people in a medical emergency. "This attack on the computer network makes the hospital's business software, the storage systems (in particular medical imaging), and the information system relating to patient admissions inaccessible for the time being," explains CHSF's announcement (translated).

French cybersecurity journalist Valéry Riess-Marchive identified signs of a LockBit 3.0 infection. If LockBit 3.0 is responsible for the attack on CHSF, it will violate the RaaS program's rules, which prohibit affiliates from encrypting systems of healthcare providers.

February 15, 2021: Crypto-virus RYUK Attacks French Hospitals in Lyon Area

Hôpital Nord-Ouest, the hospital group for the North of Lyon, reported two hospitals were stricken with ransomware attacks, and a third pre-emptively cut connections with an IT provider, in less than a week. Surgeries were postponed and emergency patients re-routed to other facilities as each hospital site’s team set up limited procedures to ensure the exchange of information necessary for patient care, as well as a crisis unit to organise the operation of all three sites. The attack by the crypto-virus RYUK, a kind of ransomware, "strongly impacts" the Villefranche, Tarare and Trévoux sites of the North-West Hospital, the hospital said in a statement.

Following the attack, French President Emmanuel Macron said his office plans to inject one billion euros (US$1.21 billion) into the country’s cyberdefense.

March 25, 2021: REvil Ransomware Shut Down Multiple Plants at Asteelflash

Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang who is demanding a $24 million ransom. While Asteelflash has not publicly disclosed an attack, BleepingComputer found this week a sample of the REvil ransomware that allowed access to the Tor negotiation page for their cyberattack. LeMagIT, a French cybersecurity news portal, reported an Asteelflash representative stated that "the incident is being evaluated." Neither BleepingComputer nor LeMagIT could confirm whether the attack was successful in encrypting files on affected systems.

The company's press release states: "Asteelflash has detected a cyber security incident during a routine check by its IT teams. We immediately took action to contain the REvil-type ransomware and limit its spread. We have not been in touch with the Hackers" There are no details about the company's intentions regarding the ransom.

December 19, 2021: Global IT Firm Recovering From Ransomware Attack

Global IT services company, Inetum Group, suffered a ransomware attack December 19, impacting operations in France.
While the global company suffered the hit in France, its operations were ongoing in other parts of the world. Among the multiple sectors the company works with are energy and utilities, aerospace, automotive, and chemicals and life sciences. The company said none of the main infrastructures, communication, collaboration tools or delivery operations for its clients ended up affected.

September 20, 2021: French Container Operator Hit By Attack

French container operator, CMA CGM S.A. suffered a cyberattack with unknown hackers leaking part of its customer information, officials said Monday.
The world’s third biggest boxship operator said the “limited customer information” leak includes names, positions, emails and phone numbers.

May 13, 2021: Toshiba Hit In DarkSide Ransomware Attack

Toshiba Tec Corp. fell victim late last week to a ransomware attack by the same organization that hit Colonial Pipeline, only this assault had an impact in Europe.
Japan-based Toshiba Tec Corp operates through two business segments, the retail solutions segment and the Printing Solutions segment where manufacture products including barcode scanners, Point-of-Sale (PoS) systems, printers, and other electrical equipment. The target in the attack appears to be the company’s French subsidiary.

Pin It on Pinterest

Scroll to Top
Scroll to Top