Ransomware victim disclosure
← All victimsLa Poste Mobile
listed as lapostemobile.fr · Claimed by Werewolves · listed 3 years ago
Status timeline
- ListedDec 20, 2023
- Data leakeddate unknown
At a glance
- Group
- Werewolves
- Status
- Data leaked
- Country
- France
- Sector
- Telecommunications
- Listed on leak site
- Dec 20, 2023
About the victim
AI dossier — public-source company profileLa Poste Mobile is a French mobile telecommunications operator and MVNO subsidiary of La Poste, operating since 2009. It serves approximately 2.5 million customers through over 6,000 postal offices nationwide, offering prepaid and postpaid mobile plans, smartphones, and ancillary services including fixed-line telephone and internet offerings.
- Industry
- Mobile Virtual Network Operator (MVNO) & Telecommunications
- Founded
- 2009
Attack summary
Severity: medium — Confirmed data publication by ransomware operator targeting a major telecommunications MVNO with 2.5M customers (implying potential PII exposure at scale); however, no specific proof files documented in the truncated post, no ransom demand stated, and limited detail on data categories exfiltrated.The werewolves group claims to have attacked La Poste Mobile and exfiltrated data. The leak post provides minimal detail on the scope or nature of data compromised, with the post appearing to focus on company identification rather than attack specifics.
Data the group says was taken
AI dossier — extracted from the leak post- customer data
- subscriber records
- telecommunications data
What the group claims
PosteMobile S.p.A. — итальянскаятелекоммуникационная компания,принадлежащая Poste Italiane S.p.A.которая работает в секторе мобильнойтелефонии в качестве операторамобильной виртуальной сети (Full MVNO)в сети Wind, а с 2018 года такжепредлагает фиксированную телефоннуюсвязь и интернет-услуги.
Sources
- Victim sitelapostemobile.fr
- Leak posthttps://werewolves.pro/en/emprint.html
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

