Skip to content
RansomwareOngoing

Eyguières town hall paralyzed by ransomware

On 22 May 2026, the town hall of Eyguières (Bouches-du-Rhône, ~7,000 inhabitants) was hit by a Qilin ransomware attack that took down its municipal IT systems and put residents' administrative and personal data at risk of compromise.

Victim
Eyguières town hall

On 22 May 2026, Eyguières town hall — the municipal administration of a commune of roughly 7,000 inhabitants in the Alpilles (Bouches-du-Rhône) — was paralyzed by a ransomware attack attributed to the Qilin group. The intrusion rendered the town hall's electronic systems unavailable, severely disrupting day-to-day administrative services for residents.

Qilin operates as a ransomware-as-a-service platform whose affiliates have repeatedly targeted hospitals, local authorities and other public bodies across Europe. In this case the attackers encrypted municipal systems and authorities feared the compromise of communal records and residents' personal information, with reporting suggesting the data could be exploited to fabricate false identities for fraud and scams.

Data potentially at risk includes:

  • Municipal administrative records
  • Personal data of residents handled by the town hall

The Salon-de-Provence gendarmerie opened an investigation, though identifying the perpetrators is complicated by the attackers' use of anonymization tools. No ransom amount or precise number of affected records has been made public, and the incident remained under investigation with systems still being restored at the time of reporting.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/la-mairie-deyguieres-paralysee-par-un-ransomware/
  2. frenchbreaches.comhttps://frenchbreaches.com/alertes/mairie-d-eygui-res-mpkwhyq0drmqq6v2bv

Related incidents

RansomwareContained

Leak at Commune de Lens

In late December 2025, the town hall of Lens (Pas-de-Calais, France) disclosed an intrusion into its information system that paralysed municipal services for about a week, blocking staff software and telephone lines; the attack vector was undisclosed and data theft was not confirmed.

Victim
Commune de Lens
RansomwareUnknown

Leak at Cogitis

On 31 December 2024, the DragonForce ransomware gang listed Cogitis — a French inter-municipal IT syndicate serving local authorities — on its leak site, claiming around 81 GB of exfiltrated data including internal files and personal data tied to the public bodies it supports.

Victim
Cogitis