Skip to content
Data breachContained

Vaucluse Provence Attractivité: customers targeted after a cyberattack

On 31 March 2026, Vaucluse Provence Attractivité — the Vaucluse département's public tourism and economic-promotion agency — disclosed a messaging-system compromise that let attackers send fraudulent emails from its official addresses, exposing the names and email addresses of people who had contacted it.

Victim
Vaucluse Provence Attractivité

On 31 March 2026, Vaucluse Provence Attractivité — the public agency in charge of tourism and economic promotion for the Vaucluse département in south-eastern France — disclosed that its email system had been compromised, allowing attackers to send fraudulent messages from the organisation's official addresses.

The attack relied on illicit access to the agency's messaging system rather than a mass exfiltration of databases. Using that access, the intruders dispatched emails that appeared to come from legitimate staff accounts and contained malicious links, aiming to trick recipients into targeted phishing and fraud. The compromise exposed the limited personal data the agency held on people who had previously contacted it.

Exposed data categories included:

  • First and last names
  • Email addresses

Because the messages came from genuine institutional addresses, the main residual risk for those affected is convincing, personalised phishing and scam attempts. The agency said it quickly stopped the fraudulent sends, revoked the compromised access and reviewed connection logs to scope the incident. The breach was reported to France's data protection authority, the CNIL.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/vaucluse-provence-attractivite-des-clients-cibles-apres-une-cyberattaque/

Related incidents