Hacktivist group disrupt La Poste and La Banque Postale with second DDoS attack

La Poste and its banking subsidiary, La Banque Postale, are hit by a major availability disruption on New Year’s Day 2026. This incident follows a similar DDoS incident that impacted La Poste during the Christmas week. 

The New Year’s Day attack started around 3:30 a.m. local time and took down the main website, the banking app, and the Digiposte secure vault. While the website and app were offline, customers could not confirm online payments through the standard mobile interface. The bank provided a fallback using SMS authentication. Physical services like ATM withdrawals and card payments at stores continued to work without issue.

The hacktivist group NoName057(16) claimed responsibility for both events. NoName057(16) is a group that formed in 2022 to support Russian interests through cyber warfare. They often target countries that support Ukraine, including Poland, Sweden, and Germany.

The number of affected individuals and the total financial impact of the incident are not disclosed.

The Paris prosecutor’s office and the General Directorate for Internal Security (DGSI) are investigating the incident. La Poste officials stated that the attackers did not steal any data or break into internal databases.