La Poste Mobile Data Breach
La Poste Mobile French Telecom Breach (2022): 1.3 Million Customer Records Including Full Credit Card & Bank Account Numbers Exposed via LockBit Ransomware
French mobile telecommunications provider.
Risk Interpretation
Severe risk of phishing, SIM swap attacks, account takeover, and identity fraud. Telecom records are especially dangerous because they can be used to pivot into other accounts.
Impact & Downstream Threats
The 2022 incident caused notable operational disruption. Customer-facing systems including the website, customer portal, and mobile application were taken offline for around ten days, interrupting account management, number-portability requests, and customer support during the recovery period. The company issued public statements acknowledging the incident, notified affected customers via SMS, engaged external incident-response specialists, and reported the incident to French authorities. The fa
- Financial fraud using exposed financial profile data
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
La Poste Mobile, a French mobile virtual network operator owned by La Poste and SFR, was hit by a LockBit 3.0 ransomware attack on July 4, 2022. The incident affected the company's administrative and management systems rather than its core network, but it forced the customer-facing website and account portal offline for roughly ten days while the company contained the intrusion and engaged external responders.\n\nLockBit listed La Poste Mobile on its public extortion site and, after the company declined to pay, began publishing stolen data in mid-July 2022. The dump included customer files for both mobile and home-internet (Box) subscribers. The exposed data covered approximately 1.3 million customer records, with around 533,000 unique email addresses among them. Fields included names, physical addresses, phone numbers, dates of birth, gender, and banking information including account numbers, alongside payment-card data in at least some records.\n\nThe exposure carries higher risk than a typical contact-data breach. Bank account numbers, names, and dates of birth are a strong base for SEPA-area direct-debit fraud and identity-verification attacks at French financial services. SIM-swap risk is elevated because attackers hold both customer phone numbers and matching personal identifiers. Affected La Poste Mobile customers should treat their phone number as a higher-risk authentication channel, monitor bank statements closely for unauthorized direct debits, and remain alert to fraud calls or messages referencing their account.
About La Poste Mobile
La Poste Mobile is a French mobile virtual network operator (MVNO) jointly owned by La Poste, the French postal service, and SFR, the mobile network operator that supplies its underlying infrastructure. The company offers mobile-phone subscriptions, prepaid plans, and home internet (Box) services to retail customers in France. As of 2022, it served roughly 1.8 million subscribers, positioning it as a significant secondary brand in the French telecom market. Its customer base skews toward La Poste retail and banking customers cross-sold the mobile service through post-office branch networks.
Why They Hold Your Data
Telecom providers collect subscriber identity, phone numbers, billing records, service addresses, device data, and account-management information across mobile-service operations.
Recent Developments
La Poste Mobile took its website and customer portal offline for an extended period following the July 2022 attack and rebuilt access controls before bringing services back online. The incident triggered required notifications under the EU's General Data Protection Regulation. The company has not been publicly tied to a further large-scale breach disclosure since then. Both the LockBit ransomware operation responsible for the 2022 attack and the broader French telecom ecosystem have continued to face ransomware activity, although LockBit itself was significantly disrupted by an international law-enforcement takedown in early 2024.
Data Points Exposed
Exposure Categories
Canonical Fields
bank_account_number, credit_card, date_of_birth, email_address, full_name, gender, phone_number, physical_address
Dark Web Verification
- Dataset containing ~1.3M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: lapostemobile.fr-2022;La Poste Mobile Data Breach
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of La Poste Mobile
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam