Skip to content
RansomwareContained

Leak at Commune de Lens

In late December 2025, the town hall of Lens (Pas-de-Calais, France) disclosed an intrusion into its information system that paralysed municipal services for about a week, blocking staff software and telephone lines; the attack vector was undisclosed and data theft was not confirmed.

Victim
Commune de Lens

On 26 December 2025, the Commune de Lens — the town hall of Lens, a municipality of roughly 30,000 residents in the Pas-de-Calais (Hauts-de-France), France — publicly disclosed that its information system had been compromised in an overnight intrusion that severely disrupted municipal services. First symptoms appeared on 23–24 December with telephone outages; the city filed a complaint and brought in an IT team that worked "day and night" to restore affected systems.

The intrusion blocked the software used by municipal staff and knocked out the switchboard and the online "portail famille." For about a week services ran in degraded mode, with counter operations falling back to paper procedures; the main line and family portal were progressively restored, the switchboard returning to normal operation around 31 December 2025. The town hall did not publicly disclose the attack vector, and exfiltration or theft of personal data was not confirmed.

The incident fits the pattern of ransomware-style attacks that struck several Hauts-de-France local authorities (including Dunkerque and the Hénin-Carvin agglomeration) over the same period, in which systems were taken offline to contain the spread. No ransomware group has publicly claimed the Lens attack and no ransom demand has been confirmed.

Exposed or impacted elements reported:

  • Municipal staff software and business applications (rendered unavailable)
  • Telephone switchboard and secondary lines
  • The online "portail famille" / digital citizen services

Status: contained — services were progressively restored by late December 2025 and a complaint was filed; no confirmed data leak or claimed attribution at the time of reporting.

Sources

  1. francebleu.frhttps://www.francebleu.fr/infos/faits-divers-justice/la-ville-de-lens-victime-d-un-piratage-informatique-1926814
  2. france3-regions.franceinfo.frhttps://france3-regions.franceinfo.fr/hauts-de-france/pas-calais/lens/apres-une-cyberattaque-impactant-ses-services-municipaux-la-ville-de-lens-porte-plainte-3272405.html
  3. zataz.comhttps://www.zataz.com/la-mairie-de-lens-paralysee-et-lockbit-5-0-joue-au-pere-noel/
  4. horizonactu.frhttps://www.horizonactu.fr/actualite-46257-la-mairie-de-lens-victime-d-une-intrusion-informatique

Related incidents

RansomwareUnknown

Leak at Cogitis

On 31 December 2024, the DragonForce ransomware gang listed Cogitis — a French inter-municipal IT syndicate serving local authorities — on its leak site, claiming around 81 GB of exfiltrated data including internal files and personal data tied to the public bodies it supports.

Victim
Cogitis