Update of February 13, 2025
Shortly after the cyberattack was announced, Chronopost revealed the number of customers affected by the personal data leak to 01Net. According to the firm, 210,000 people were affected by the attack. The carrier added that this was not a ransomware attack, and that the offensive was quickly contained, 24 hours after the event.
——————————————————————————-
Chronopost announced that it had been the victim of a cyberattack. On January 29, 2025, cybercriminals managed to get hold of the personal data of some of the carrier's users. Researcher Clément Domingo, who relayed the information on his X account, assures that millions of people are affected by the data leak. In a response addressed to 01Net, Chronopost denies the estimate, without specifying the number of victims. The company warns all affected French people by email.
The signatures of French people have been compromised
Among the exfiltrated data, we find the name, first name and, "in certain cases", the telephone number, postal address and the signature of individuals as it appears on the proof of delivery. This is a disaster in terms of security. This data can lead to attempts at identity theft or personalized phishing attacks. For example, the signature can be used to sign requests on your behalf...
We can especially fear a resurgence of parcel delivery scams, which wreaked havoc in France at the end of last year. This type of scam consists of claiming that a parcel is awaiting delivery, has been shipped or could not be delivered. To complete the delivery, the hackers demand immediate payment for shipping costs, taxes or customs duties. The message contains a link on which the victim is invited to click to make the payment. It leads to a fraudulent site designed to steal the user's personal and banking information.
To lull the targets' vigilance, the hackers will be able to use the data stolen from Chronopost. This information will allow the scam messages to be personalized, which increases their effectiveness. In this context, the French carrier invites users to "remain vigilant against any suspicious solicitation that could lead to the use of your data for spam or phishing attempts". Do not respond to payment requests received by email or SMS.
Chronopost assures that it has "strengthened the security of the impacted application" and improved "its response to suspicious events". In accordance with the legislation, Chronopost has notified the National Commission for Information Technology and Civil Liberties (CNIL), the authority responsible for data protection in France.
Chronopost joins the many French companies that have been victims of a data leak this year. Other victims of cybercriminals include Thermomix, E.Leclerc, Kiabi and Ecritel.
0 Comments