La Poste Mobile 2022 Data Breach

La Poste Mobile French Telecom Breach (2022): 1.3 Million Customer Records Including Full Credit Card & Bank Account Numbers Exposed via LockBit Ransomware | ObscureIQ

ObscureIQ Breach Intelligence

Classification Tags

High SeverityWebsite / service breach

La Poste Mobile French Telecom Breach (2022): 1.3 Million Customer Records Including Full Credit Card & Bank Account Numbers Exposed via LockBit Ransomware

Name: La Poste Mobile French Telecom Breach (2022): 1.3 Million Customer Records Including Full Credit Card & Bank Account Numbers Exposed via LockBit Ransomware
Creator: ObscureIQ
Published: 2022

French mobile telecommunications provider.

Verified by ObscureIQ Intelligence

65/100Breach Risk Index

28Data Value

25Market Recency

478dSince Breach

Breach Intelligence Summary

Entity: La Poste Mobile · Actor: LockBit · Sources: 5 references

Attack: Ransomware

Profile: Company · Mobile telecommunications services · Telecom provider · France

Timeline: Breach (2022-07-04) · Indexed (Jan 04, 2025) · Year (2022)

Exposure: 1.3M records · 8 fields: Bank Account Number, Credit Card, Date of Birth, Email Address, Full Name, Gender, Phone Number, Physical Address

Status: Confirmed

Executive Summary

La Poste Mobile, a French mobile virtual network operator owned by La Poste and SFR, was hit by a LockBit 3.0 ransomware attack on July 4, 2022. The incident affected the company's administrative and management systems rather than its core network, but it forced the customer-facing website and account portal offline for roughly ten days while the company contained the intrusion and engaged external responders.\n\nLockBit listed La Poste Mobile on its public extortion site and, after the company declined to pay, began publishing stolen data in mid-July 2022. The dump included customer files for both mobile and home-internet (Box) subscribers. The exposed data covered approximately 1.3 million customer records, with around 533,000 unique email addresses among them. Fields included names, physical addresses, phone numbers, dates of birth, gender, and banking information including account numbers, alongside payment-card data in at least some records.\n\nThe exposure carries higher risk than a typical contact-data breach. Bank account numbers, names, and dates of birth are a strong base for SEPA-area direct-debit fraud and identity-verification attacks at French financial services. SIM-swap risk is elevated because attackers hold both customer phone numbers and matching personal identifiers. Affected La Poste Mobile customers should treat their phone number as a higher-risk authentication channel, monitor bank statements closely for unauthorized direct debits, and remain alert to fraud calls or messages referencing their account.

ObscureIQ assessment: Severe risk of phishing, SIM swap attacks, account takeover, and identity fraud. Telecom records are especially dangerous because they can be used to pivot into other accounts.

Breach Impact

The 2022 incident caused notable operational disruption. Customer-facing systems including the website, customer portal, and mobile application were taken offline for around ten days, interrupting account management, number-portability requests, and customer support during the recovery period. The company issued public statements acknowledging the incident, notified affected customers via SMS, engaged external incident-response specialists, and reported the incident to French authorities. The fact that banking information was among the leaked fields raised additional regulatory and reputational stakes. There is no public record of major fines or class-action settlement specifically tied to the breach as of early 2026.

About La Poste Mobile

La Poste Mobile is a French mobile virtual network operator (MVNO) jointly owned by La Poste, the French postal service, and SFR, the mobile network operator that supplies its underlying infrastructure. The company offers mobile-phone subscriptions, prepaid plans, and home internet (Box) services to retail customers in France. As of 2022, it served roughly 1.8 million subscribers, positioning it as a significant secondary brand in the French telecom market. Its customer base skews toward La Poste retail and banking customers cross-sold the mobile service through post-office branch networks.

Why They Hold Your Data

Telecom providers collect subscriber identity, phone numbers, billing records, service addresses, device data, and account-management information across mobile-service operations.

Recent Developments

La Poste Mobile took its website and customer portal offline for an extended period following the July 2022 attack and rebuilt access controls before bringing services back online. The incident triggered required notifications under the EU's General Data Protection Regulation. The company has not been publicly tied to a further large-scale breach disclosure since then. Both the LockBit ransomware operation responsible for the 2022 attack and the broader French telecom ecosystem have continued to face ransomware activity, although LockBit itself was significantly disrupted by an international law-enforcement takedown in early 2024.

Data Points Exposed

8 verified field types

Bank Account Number Critical

Credit Card Critical

Date of Birth High

Email Address

Full Name High

Gender

Phone Number

Physical Address High

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical

Primary downstream threats:

Financial fraud using exposed financial profile data
Identity verification bypass using name + date of birth combination
SIM swap attacks where phone numbers are present
Targeted phishing campaigns using exposed email addresses
Doxxing risk from physical address exposure

Threat vectors:

ACH fraud & unauthorized transfers
Card-present & card-not-present fraud
Identity verification bypass
Phishing, credential stuffing & account takeover
Name-based social engineering
Profile enrichment
SIM swapping, vishing & SMS phishing
Physical stalking, mail fraud & identity verification

Threat Actor: LockBit

LockBit

Ransomware

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere

Turn on multi-factor authentication on email first, then financial accounts.

Find 2FA settings

Report & Recover

If you spot misuse, start an official recovery plan and report fraud.

IdentityTheft.gov Report to FTC

Frequently Asked Questions

What happened in the La Poste Mobile breach?▾

What data was exposed?▾

Verified fields include Bank Account Number, Credit Card, Date of Birth, Email Address, Full Name, Gender, Phone Number, Physical Address.

What should I do if I was affected?▾

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index

DataBreach.com

Record & field corroboration

Breach Index

Have I Been Pwned

Record & field corroboration

Cross-source

9ghz

Independent catalogue listing

Cross-source

BreachForums_Official_Index

Independent catalogue listing

ObscureIQ Intelligence

ObscureIQ proprietary analysis

Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation