Leak at La Poste
In March 2025, French postal operator La Poste disclosed a breach of its 'Élection du Timbre' platform exposing personal data of about 50,000 users — names, year of birth, email, phone and postal addresses — which was put up for sale online by an attacker.
- Victim
- La Poste
- records
- 50.0K
On 4 March 2025, La Poste — France's national postal operator — was reported to have suffered a data breach affecting roughly 50,000 users of its "Élection du Timbre" (Stamp Election) website. The leak was first revealed by the security outlet ZATAZ after an attacker using the alias "h4tr3d w0rld" offered a CSV file of customer data for sale on an underground forum, negotiating the price via Telegram. The attacker claimed the data had been extracted on 25 February 2025.
The exposed records concerned participants in the stamp-design vote and included:
- First and last names
- Year of birth
- Email addresses
- Phone numbers
- Postal addresses
La Poste confirmed that no banking data and no passwords were compromised. After being alerted, the company took the "Élection du Timbre" site offline for maintenance, identified the entry point used by the attacker, and notified affected customers by email about five days after the initial disclosure.
La Poste reported the incident to France's data-protection authority (CNIL) and filed a criminal complaint with the judicial authorities. It warned the affected users to be especially vigilant against phishing attempts — fraudulent emails, SMS or calls impersonating La Poste — given the nature of the contact details exposed.
Sources
- zataz.comhttps://www.zataz.com/fuite-de-donnees-a-la-poste-lentreprise-alerte-les-clients-impactes/
- journaldugeek.comhttps://www.journaldugeek.com/2025/03/07/alerte-chez-la-poste-des-milliers-dutilisateurs-victimes-dune-fuite-de-donnees/