Cyberattack Cripples La Poste and La Banque Postale During Christmas Rush

Early on Monday, December 22, 2025, France’s national postal operator La Poste and its banking arm La Banque Postale experienced a widespread outage described by La Poste as a distributed denial of service incident and called a "major network incident." The interruption began in the early morning and persisted into the evening, leaving customers unable to access online services for more than eight hours and remaining unresolved by Monday night.

The outage halted online package tracking and forced postal branches to turn customers away. Reporters saw patrons waiting at a Paris post office decked in holiday garlands where employees said they could not send or retrieve parcels, including Christmas gifts. La Banque Postale customers were unable to use the bank’s app to approve payments or manage online transactions, and the bank redirected approval flows to text messages as an emergency workaround.

La Poste said the incident did not affect customer data. There has been no public claim of responsibility and investigators have not confirmed a perpetrator. One account described the disruption as affecting "millions of customers," underscoring the reach of the failure given La Poste’s national scale. The company delivered 2.6 billion packages last year and employs more than 200,000 people, making its systems central to commerce and daily life across France.

The timing amplified the practical and economic consequences. The Christmas season is a peak period for parcel delivery and retail activity, and the outage increased operational strain on postal workers already managing high volumes. In-person services could not fully compensate for the loss of digital tools because many processes rely on networked systems for verification, routing, and customer notification. La Banque Postale’s SMS redirection helped some customers complete time sensitive payments, but the temporary measure is limited in capacity and security compared with full digital authentication flows.

Security experts say distributed denial of service attacks typically overwhelm network infrastructure with traffic, rendering services inaccessible even when back end systems and data remain intact. Mitigation can require traffic filtering, rerouting through specialized scrubbing centers, or coordination with internet service providers, actions that can take hours to implement at scale. La Poste’s public characterization of the event points to a volumetric attack rather than a breach of customer information, but the lack of immediate technical detail leaves open questions about root causes and resilience.

The incident arrived a week after a separate cyberattack disrupted operations at the Interior Ministry, a timing that has heightened concern among officials and businesses about a wave of cyber activity targeting French institutions. Authorities face the twin tasks of restoring services and reviewing incident response and contingency plans for essential public services that now depend heavily on networked systems.

For customers the immediate needs are practical. Recipients and senders must seek help at branches where possible, merchants should monitor order and payment confirmations, and banks are likely to maintain fallback authentication methods while services are restored. For policymakers the episode is a reminder that national infrastructure, private operators, and emergency response teams need clear protocols and investment to withstand large scale digital attacks, especially during periods of intense public demand.