DDoS cyberattack against La Poste and La Banque Postale: understanding the incident of December 22, 2025
On the morning of Monday December 22, 2025, aDDoS attack severely disrupted the La Poste and La Banque Postale groups. According to the information made public, the interconnection between a datacenter and the Internet was targeted, rendering numerous online services inaccessible from around 6:30 a.m., just 48 hours before Christmas Eve. At the same time, other establishments such as Caisse d’Épargne and Banque Populaire reported slowdowns and “malfunctioning” of their services.
This article takes a structured look at what we know about the incident, how a DDoS attack works and the lessons to be learned in terms of service continuity and digital security.
Key points to remember
- On the morning of December 22, 2025, a DDoS (distributed denial of service) cyber attack hit La Poste and La Banque Postale.
- The attack is believed to have targeted the interconnection between one of the Group’s datacenters and the Internet, disrupting a large number of online services.
- These included access to La Banque Postale accounts, Colissimo services (franking, labeling, automated delivery) and the Digiposte digital safe.
- Payments (by card, bank transfer, etc.) were presented as not being concerned, as they use a separate technical flow, separate from the targeted datacenter.
- Faced with the scale of the blockade, the group’s management authorized the closure of some post offices, while some parcel deliveries could still be carried out manually, “the old-fashioned way”.
- This followed a first outage on Saturday December 20, already attributed to a DDoS attack.
- Two other French banks, Caisse d’Épargne and Banque Populaire, experienced slowdowns at the same time, which they attributed to a malfunction, without confirming a cyberattack.
- The incident raises questions about the scale of the attack, the effectiveness of mitigation measures and the possible involvement of organized actors, but there is no public evidence at this stage.

Timeline: from the first disruptions on December 20 to the major incident on December 22
Saturday, December 20: a first warning
According to the information made public, the first signs of fragility appeared on Saturday December 20, 2025. La Poste and La Banque Postale services were unavailable for several hours. The technical information available indicates that this was already a DDoS attack, before a gradual return to normal during the day.
With hindsight, this episode appears to be a precursor: the attackers already seemed to be testing the resilience of the Group’s infrastructures, before striking harder two days later.
Monday morning, December 22: massive blockade 48 hours before Christmas
On the morning of Monday December 22, 2025, the situation took a turn for the worse. From around 6:30 a.m., access to many of La Poste group’s services was disrupted or impossible:
- many customers unable to connect to their La Banque Postale accounts;
- breakdowns affecting Colissimo services, notably franking, labelling and part of the automated parcel distribution system;
- reported unavailability of the Digiposte digital safe;
- more generally, difficulties accessing La Poste’s various online services.
The incident comes at a particularly sensitive time: the final stretch before Christmas, when many individuals rely on La Poste and Colissimo to send or receive their presents. The combination of the seasonal peak in activity and the attack mechanically reinforces the impact felt by users.
Services affected and services preserved
Over the hours, a relatively coherent picture has emerged from technical information and user testimonials. Here is a summary, based on the information available on December 22, 2025:
| Service type | Situation on December 22 (based on available information) |
| Access to La Banque Postale online accounts | Severely disrupted or impossible for many customers. |
| La Poste web services (website, customer areas, etc.) | Severely disrupted, with many unavailabilities reported. |
| Colissimo (postage, labelling, tracking) | Postage and labeling largely blocked; disruptions to automated distribution lines. |
| Parcel delivery | In some cases, this can be done manually, without an electronic terminal, but with degraded operation. |
| Digiposte (digital safe) | Service reported as unavailable or difficult to access. |
| Physical post offices | Operations deteriorated; authorization given to close certain offices in the face of difficulties. |
| Group-related payments (cards, transfers, etc.) | Presented as unaffected, as they use a separate flow that does not pass through the targeted datacenter. |
| Caisse d’Épargne and Banque Populaire | Slowdowns and malfunctions reported; establishments speak of an incident, without confirming a DDoS cyberattack. |
This table clearly shows the systemic nature of the affected interconnection point: by targeting a network node, the attack had a transversal impact on many of the group’s online services.
How La Poste and La Banque Postale reacted
In view of the seriousness of the situation, several operational measures have been reported:
- The management of the La Poste group has agreed to close certain post offices when the scale of the disruption no longer allows normal service;
- However, it was pointed out that parcel deliveries could still be made manually, i.e. without using the usual electronic terminals, in order to limit delays as far as possible;
- Communications emphasized the fact that payment flows were isolated from the affected datacenter, enabling transactions (card payments, transfers, etc.) to continue uninterrupted despite the breakdown of online services.
These elements highlight an organization that is already partially segmented: critical payment flows obviously follow a different technical path from that of web services, which limits the immediate impact on the payment chain in the event of a problem in a datacenter.
Just a DDoS incident? What we can deduce (and what we don’t)
In exchanges between Internet users and commentators, one question often comes up: if the incident is indeed “only” linked to a DDoS, is it really serious? And is this explanation sufficient to describe what happened?
The reassuring elements
On the basis of the information made public at the time, several points can be considered relatively reassuring:
- the communications refer to a DDoS attack targeting the network interconnection; there is no mention, at this stage, of any proven intrusion into internal systems or data theft;
- the fact that payments have been maintained via a separate flow indicates an architecture where certain critical bricks are separated from consumer online services;
- Internal banking operations(clearing, interbank transfers, etc.) can, in many cases, be based on different circuits from the web or mobile interfaces consulted by customers.
It’s important to point out that the absence of any public mention does not mean that there was no internal technical incident, but simply that no data leak or compromise was presented as an established fact at the time the incident was commented on.
Legitimate questions still unanswered
On the other hand, a number of grey areas remain, raising legitimate questions:
- A large-scale DDoS attack is usually expected by large groups, which generally have mitigation solutions in place (specialized suppliers, filtering, redundancy, etc.). The scale of the disruption therefore raises questions about the power of the attack or the exact configuration of the protection in place;
- the fact that similar disruptions were observed on December 20, and again on December 22, raises questions about a targeted campaign rather than a single isolated incident;
- Some observers are questioning the possibility of a more complex attack than DDoS alone, or of a combination of cyber attack and technical failure, although there is no public evidence to confirm this;
- As with many incidents of this type, the question of the possible involvement of organized, or even state-sponsored, actors is being raised against a backdrop of geopolitical tensions, but for the moment this is nothing more than speculation with no public backing.
In short, the main hypothesis remains that of a massive, repeated DDoS attack, but the scale of the blockage and its context call for an in-depth examination of resilience mechanisms and possible scenarios.
What does this mean for customers?
For individuals and businesses alike, the practical repercussions of such an incident can be seen above all in the sudden loss of access to services that have become essential to daily life.
- La Banque Postale customers: unable, sometimes for several hours, to connect to the customer area to consult accounts, make transfers or manage day-to-day transactions.
- La Poste users: difficulty franking letters or parcels via online services and certain terminals, inability to print Colissimo labels, disrupted parcel tracking.
- Digiposte users: temporary unavailability of their digital safe, with the frustration of not being able to access certain documents stored online.
- Businesses, e-tailers and professionals: risk of additional logistical delays in the run-up to Christmas, more complex management of customer shipments and commercial relations.
What’s more,the repetition of these incidents (on December 20 and 22) may be generating a feeling of uncertainty among customers, who are questioning the capacity of the infrastructure to absorb this type of shock in the future.
Specific impact on banking operations
An important point is that the payments themselves (card payments, interbank transfers, etc.) were described as functioning normally, thanks to their routing via a separate flow from the attacked datacenter.
In concrete terms, this means that :
- in-store or online transactions, already initiated, could continue to run even if customers were unable to connect to their web or mobile interface;
- On the other hand, it was more difficult, if not impossible, to prepare new operations (making a transfer, adding a beneficiary…) from the customer area, as long as access remained saturated.
For users, the main inconvenience was the inability to interact with their accounts in real time, rather than a complete blockage of the underlying financial flows.
- they provide access to a multitude of consumer and professional services;
- their unavailability immediately translates into visible blockages for millions of users;
- They are prime targets for attackers seeking to disrupt, destabilize or exert pressure.
This episode illustrates the need for operators of essential services to have robust continuity plans and DDoS mitigation solutions, regularly tested and adapted to evolving threats.
22 December 2025






