French postal and banking services faced fresh disruptions on Thursday, January 1, 2026, following a cyberattack that temporarily rendered the websites and mobile applications of La Poste and La Banque Postale largely inaccessible, according to reports from French radio RFI.  A message on the La Poste homepage confirmed the situation, stating: “The laposte.fr website and all of La Poste’s information systems are currently facing a cyberattack.” Similarly, the online and mobile banking platforms of La Banque Postale, the post office’s banking arm, experienced downtime, preventing many customers from accessing services. 

Repeated Denial-of-Service Attack on La Poste and La Banque Postale 

This incident follows a previous denial-of-service (DDoS) attack that began on December 22, 2025, and continued until December 26. The earlier attack, which overloads servers to slow or block access, disrupted customers’ ability to track parcels but did not affect deliveries, which continued as normal.  Authorities confirmed that the pro-Russian hacker group NoName057(16) claimed responsibility for the December attack. La Poste filed a formal complaint, emphasizing that no customer data had been compromised, as denial-of-service attacks do not constitute unauthorized intrusion into information systems. 

Investigations and Security Response 

The Paris prosecutor’s office has opened an investigation into the latest La Poste cyberattack, delegating the case to the General Directorate for Internal Security (DGSI) and the national cyber unit. Authorities confirmed that the hacker group NoName057(16) had publicly claimed responsibility for the disruption.  The group, which emerged in 2022 after Russia invaded Ukraine, has previously targeted Ukrainian media, as well as government and corporate websites in countries including Poland, Sweden, and Germany.

Operational Impacts 

During both attacks, digital access to La Poste services was limited, forcing some post offices to operate at reduced capacity. Despite the disruptions, customers were able to carry out essential postal services and banking transactions at physical locations.  La Poste communicated via Twitter that its teams were “fully mobilized to restore services as quickly as possible,” emphasizing that parcel deliveries continued and remediation efforts were ongoing.  Meanwhile, La Banque Postale acknowledged the cyberattack on social media, explaining: “A computer incident has temporarily made our mobile app and online banking inaccessible. Our teams are working to resolve the situation as quickly as possible. Online payments are possible with SMS authentication.”   Card payments at in-store terminals, ATM withdrawals, and SMS-authenticated online transactions remained functional, mitigating the overall impact on day-to-day financial activity. 

Context of Cyber Incidents in France 

The La Poste cyberattack comes amid a series of recent cyber incidents affecting public institutions in France. On December 17, 2025, authorities arrested a 22-year-old man in connection with a breach of France’s Interior Ministry, which involved unauthorized access to email accounts and confidential documents. The suspect faces potential prison time of up to 10 years.  Earlier, in November 2025, the French Football Federation reported a breach in which attackers exploited stolen credentials to access membership management software, exposing personal data of registered players nationwide.  While La Poste has not publicly attributed the latest cyberattack to a specific threat actor, the recurring incidents highlight the growing challenge of protecting critical public and financial infrastructure in France from denial-of-service attacks and other cyber threats.  The attacks on La Poste and La Banque Postale highlight the vulnerability of postal and banking services to cyberattacks. No customer data was compromised, but online and mobile services were disrupted. Authorities, including the DGSI, are investigating, while both organizations work to restore full digital access. Customers should follow official channels for service updates. 

The La Poste cyberattack disrupted France’s national postal service just days before Christmas, temporarily knocking key websites and mobile applications offline and slowing parcel deliveries during one of the busiest periods of the year. La Poste confirmed that the incident was caused by a distributed denial-of-service (DDoS) attack, which impacted digital systems supporting postal operations. While the company stated there was no evidence that customer data had been compromised, it acknowledged that the cyberattack affected parcel distribution and access to online services. The timing of the La Poste cyberattack raised concerns among customers expecting holiday deliveries. Social media users reported delays and uncertainty around parcel arrivals, while French media outlets noted that some people attempting to send or collect packages were turned away from post offices operating under limited capacity. With Christmas being one of the most demanding periods for the postal network, even short-lived disruptions created visible operational challenges.

La Poste Cyberattack Linked to DDoS Incident

According to company, the La Poste cyberattack involved a DDoS attack that overwhelmed parts of its digital infrastructure. As a result, several online platforms became unavailable, and some post offices were forced to operate at reduced capacity. Despite the disruption, customers were still able to carry out essential postal and banking transactions at physical counters. “Our teams are fully mobilised to restore services as quickly as possible,” La Poste said in its Twitter post, noting that remediation efforts were ongoing.

Cyberattack  on La Poste  Impacts La Banque Postale Services

The La Poste cyberattack also affected La Banque Postale, limiting customer access to online banking services and the bank’s mobile application. In a public statement shared on social media, the bank acknowledged the incident and assured customers that its teams were working to resolve the issue. “A computer incident has temporarily unavailable access to our customers' mobile app and online banking. Our teams are working to resolve the situation as quickly as possible. Online payments are possible with SMS authentication,” the bank said. [caption id="attachment_107995" align="aligncenter" width="528"] Source: Twitter[/caption] While digital access was disrupted, card payments at in-store terminals, ATM withdrawals, and SMS-authenticated online payments remained functional, reducing the impact on day-to-day financial transactions.

Recent Cyber Incidents in France

The La Poste cyberattack occurred against the backdrop of several recent cyber incidents in France involving major public institutions. Last week, France’s Interior Ministry disclosed a data breach that resulted in unauthorized access to internal email accounts and confidential documents. On December 17, 2025, authorities arrested a 22-year-old man in connection with the Interior Ministry cyberattack after an investigation led by the Paris prosecutor’s cybercrime unit. The suspect faces charges including unauthorized access to a state-run automated personal data processing system, an offense that carries a potential prison sentence of up to 10 years. Earlier, in November 2025, the French Football Federation confirmed a separate breach in which attackers used stolen credentials to access centralized membership management software. The incident exposed personal information belonging to licensed players registered through clubs nationwide. At the time of writing, La Poste has not attributed the cyberattack to any specific threat actor, and the source of the disruption remains unknown. The Cyber Express Editorial team has contacted the company for further clarification, but no response has been received so far.