Skip to content
RansomwareContained

Quiberon: municipal services disrupted after a cyberattack

On 3 May 2026 the town of Quiberon (Morbihan, France) was hit by a Qilin ransomware attack that encrypted part of its IT systems and exfiltrated personal data; the city refused the ransom and began a gradual, secured rebuild of its infrastructure.

Victim
Quiberon town hall

On 3 May 2026, the town of Quiberon — a coastal commune in the Morbihan department of Brittany, France — was hit by a ransomware attack that disrupted part of its municipal IT systems. The city disclosed the incident publicly on 5 May 2026, and the Qilin ransomware group claimed responsibility, listing the commune on its dark-web leak site on 6 May.

The attackers gained access to the municipality's network, exfiltrated data, and then encrypted systems to render them unusable before demanding a ransom. In line with the recommendations of the French authorities, the City refused to pay. Municipal teams, supported by cybersecurity specialists (Breizh Cyber and Formind), worked on a progressive and secured reconstruction of the IT infrastructure.

The town confirmed that personal data may have been accessed and exfiltrated. While the exact scope was not quantified publicly, residents were advised to stay alert for suspicious solicitations (phishing, scams) in the following months. Exposed-data categories indicated or implied:

  • Personal data of residents and/or municipal staff held in town-hall systems

During the incident, several municipal services were temporarily unavailable or slowed; the city asked residents to defer non-urgent requests. A criminal complaint was filed with the Gendarmerie, whose anti-cybercrime office opened an investigation, and the CNIL and ANSSI were notified. Most services, including the issuance of identity documents, were subsequently restored as the rebuild continued.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/quiberon-les-services-municipaux-perturbes-apres-une-cyberattaque/
  2. ville-quiberon.frhttps://www.ville-quiberon.fr/actualites/cyberattaque-point-de-situation/
  3. zataz.comhttps://www.zataz.com/quiberon-touchee-par-le-rancongiciel-qilin/
  4. it-connect.techhttps://www.it-connect.tech/qilin-ransomware-hits-the-city-of-quiberon/

Related incidents

RansomwareContained

Leak at Commune de Lens

In late December 2025, the town hall of Lens (Pas-de-Calais, France) disclosed an intrusion into its information system that paralysed municipal services for about a week, blocking staff software and telephone lines; the attack vector was undisclosed and data theft was not confirmed.

Victim
Commune de Lens
RansomwareUnknown

Leak at Cogitis

On 31 December 2024, the DragonForce ransomware gang listed Cogitis — a French inter-municipal IT syndicate serving local authorities — on its leak site, claiming around 81 GB of exfiltrated data including internal files and personal data tied to the public bodies it supports.

Victim
Cogitis