A major suspected cyberattack has severely disrupted France's national postal service and its associated bank, causing significant delays to parcel deliveries and online payments at the height of the busy Christmas season.
Services Knocked Offline by DDoS Attack
The incident, which occurred on Monday 22 December 2025, was identified as a distributed denial of service (DDoS) attack. The state-owned postal operator, La Poste, confirmed in an official statement that the attack had rendered its online services completely inaccessible. The company was quick to reassure customers that there was no impact on personal or financial data, but the operational fallout was immediate and widespread.
Frustration for Customers and Staff
The disruption had a tangible impact on the ground. At a typically bustling Paris post office adorned with holiday decorations, employees were forced to turn away frustrated customers. Long queues formed as people hoping to send or collect parcels, including last-minute Christmas gifts, were left disappointed. The package and mail delivery network across the country experienced significant blockages and delays.
Customers of La Banque Postale, the banking division of the postal group, found themselves unable to use its mobile application to authorise payments or access other services. In response to the outage, the bank implemented a contingency measure, redirecting payment approvals to text message authentication. In messages posted on social media, the bank stated, "Our teams are mobilised to resolve the situation quickly."
Broader Implications for Critical Infrastructure
This cyberattack on a critical national service provider underscores the growing vulnerability of essential infrastructure, especially during periods of peak demand. The timing, during the pre-Christmas rush, maximised the disruption for both consumers and businesses relying on postal and financial services. While a DDoS attack aims to overwhelm systems with traffic rather than steal data, its capacity to halt operations and cause economic and logistical chaos is powerfully demonstrated by this event. The incident will likely prompt further scrutiny of cybersecurity defences within public service entities across Europe.
