Cyberattack in Marseille: six months of chaos, lessons to be learned

Back to page
Newsletter
Mélanie Lebrun
28/2/2025

Hello ️🎉,

Welcome back to the February edition of Récap'IT. This month, I take you inside the hellish aftermath of a cyber attack on the city of Marseille.

I analyze the CNIL's challenges in the face of AI, and decipher the rise of CISOs on boards of directors. One thing is certain: cybersecurity is no longer an option, especially for SMEs.

📅 Today's agenda:

  • Cybersecurity in Marseille
  • CNIL and AI
  • CISOs gain ground on boards of directors
  • Cybersecurity in SMEs
  • The miscellaneous section
  • Cyberattacks of the month
  • News at Youzer

👉 Go !!

Before we start, I invite you to follow us 👉

­

⛵ Cyber attack in Marseille: six months of hell told from the inside

"We no longer have an information system. Compromise confirmed", Jérôme Poggi, CISO for the city of Marseille.

On March 14, 2020, everything changes. A massive cyberattack paralyzes the city's systems. J. Poggi plunges into a six-month nightmare. In just a few hours, 1,300 servers and 400 applications went down, paralyzing the municipal administration on the eve of the elections. Nothing worked anymore," he recounts. Agents, deprived of their digital tools, had to relearn how to work with paper and telephone, improvising solutions to continue their day-to-day tasks.

The first few weeks are a high-voltage marathon. It's a shock for IT teams, who find themselves alone in the face of a crisis on an unprecedented scale.

Poggi describes his experience as that of an "aggressive zombie", working tirelessly to rebuild the city's information system. The psychological impact was considerable, not only for him but also for his team, some of whom suffered burn-outs.
Five years after the incident, Mr. Poggi admits that the traumatic memory persists, with palpitations at each new incident. His testimony underlines the urgent need to take into account the intense stress and trauma experienced by IT security managers during cyber attacks, an aspect often neglected in crisis management.

Today, the IS has largely recovered, but the trauma remains. "For six months, I was an aggressive zombie, completely absorbed in rebuilding the IS. No psychological support. Just stress and exhaustion", admits Jérôme Poggi. Over and above the technical and financial impact, it's the human side of things that has been affected. The episode is a stark reminder that town halls and local authorities are prime targets, often under-prepared and under-funded when it comes to cybersecurity. The question is no longer if an attack will occur, but when - and, above all, whether the resources will be up to the task.

Source: ITforBusiness

A look back at the psychological impact of cyber attacks

Receive the best IT news of the month.
Market trends, IT trends, cyberattacks in France... a summary of the news

Receive IT news

⚖️ CNIL and AI: between regulation, control and adaptation

With the AI Act just around the corner, the CNIL is tackling the challenge of AI, aware that it is still "at the beginning of the road". Its aim is to provide a framework for these technologies without stifling innovation. But generative AI poses unprecedented challenges: opaque models, algorithmic biases, lack of explicit consent.

Three major challenges:

  • A regulatory framework to be refined: The RGPD is no longer enough. The CNIL will have to adapt its rules to better frame the use of data in AI.
  • Skills upgrading imperative: Auditing "black box" algorithms, detecting biases... The authority needs to beef up its technical expertise.
  • A strategic support role: Rather than imposing sanctions after the fact, CNIL aims to help companies anticipate compliance.

The CNIL has to juggle data protection and support for innovation. With its limited resources, it will have to coordinate with its European counterparts in order to influence the debate. If it succeeds in its technological shift, it could become a key player in AI regulation. Otherwise, it risks being overtaken by the speed of technological advances.

Source : LeMagIT

CNIL must regulate in the face of AI

­

👂 CISOs gain ground on boards of directors

Cybersecurity is no longer a topic confined to technical teams: it's now part of strategic discussions at board level. CISOs are seeing their role evolve, gaining influence with senior management, a trend that reflects a growing awareness of the challenges posed by cyber threats.

Why this increase in power?

  • The increase in cyber attacks: Major incidents are multiplying, and their impact is no longer limited to financial losses. Companies' reputations and very survival are at stake.
  • Stricter regulations: NIS 2, DORA, and other regulations are imposing compliance requirements on companies, forcing boards to integrate cybersecurity into their governance.
  • Investors' and customers' expectations: Stakeholders want guarantees of data protection and crisis resilience.

However, this increased recognition of the CISO does not mean that he has carte blanche.

➡️ His major challenge remains pedagogy: transforming technical issues into business challenges that can be understood by non-specialist decision-makers. This means talking about risks, financial impact and business continuity, rather than threats, vulnerabilities and security patches.

This evolution represents both an opportunity and an increased responsibility for CISOs. They are no longer simply guarantors of information systems security: they are becoming key players in corporate strategy. The question now is whether they will have the resources - human, technical and budgetary - to meet the growing expectations placed upon them.


Source : IT Social

CISOs have a greater say

­

🛡️ Cybersecurity: SMEs no longer have a choice

SMEs are no longer immune to cyberattacks. Ransomware, phishing, data theft: they have become prime targets for cybercriminals, precisely because they still think they're too small to be of interest. The bad news is that their vulnerability makes them easy prey, and they often play a key role in larger ecosystems, making their compromise all the more profitable for attackers.

At the same time, regulations are getting tougher. With NIS 2 and other obligations on the horizon, cybersecurity is no longer a subject that can be put off for lack of time or budget. One attack can be enough to jeopardize a company's survival, and the trust of customers and partners is much harder to rebuild than an information system.

So, yes, investing in cybersecurity may seem restrictive, but today it's essential. Solutions exist: strong authentication, regular backups, team awareness... The important thing is to stop believing that it only happens to others.

Source: L'Essor de la Sécurité

SMEs must take active action against cyber risk

Would you like to receive our white paper on identity and access management?

We have been unable to confirm your request.
Your request for a white paper has been taken into account.

Collage

  • French businesses continue to face a significant increase in cyber threats, including ransomware and distributed denial of service (DDoS) attacks. According to a recent report, the number of French companies affected by ransomware jumped by 82%, from 155 cases in 2023 to 282 in 2024, well above the global average of 29%. At the same time, 539 French companies suffered data leaks, contributing to the 2,845 incidents recorded in Europe. The sectors most affected include industry, services, technology and healthcare. This alarming trend underlines the need for French companies to strengthen their cybersecurity measures to protect themselves against these growing threats.
    Worldwide, DDoS attacks are set to increase dramatically in 2023, with growth of 550% over the previous year.
    Source : IT Social
  • The United Kingdom is inaugurating its Cyber Monitoring Centre (CMC), an initiative designed to classify and measure the impact of cyber attacks according to a scale inspired by natural disasters. The idea is simple: to establish a standardized analysis grid to assess the severity of cyber incidents in terms of their financial impact and the number of people affected.
    Could such an approach become a standard, like the Common Vulnerability Scoring System (CVSS) for vulnerabilities? In any case, making cyber attacks more readable for the general public and decision-makers is a step in the right direction.
    Source : Infosecurity Magazine
  • According to a study by Statista, cyber attacks could cost France more than $129 billion by 2024. Security researcher Clément Domingo estimates that the data of eight out of ten French citizens is already circulating on black markets.

cyber risk indicator

­

☠️ Cyberattacks of the month

L'Opéra National du Rhin : was hacked and over 200,000 items of data were leaked.

The Berson town hall: was the victim of a cyber attack resulting in the loss of its data, and a ransom was demanded.

Bain de Bretagne town hall: also the victim of a cyber attack.

CESI : the engineering school suffered a cyberattack that cut off the Internet and disrupted classes.

Orange : a non-critical application was breached. Rey, a member of the HellCat group, claimed responsibility for the attack. Rey claimed to have stolen 380,000 addresses, while Orange claimed to have stolen 12,000 files.

Chronopost : 7.3 million data sets were put up for sale, and the company notified its customers by e-mail.

An MSP: 200 small and medium-sized businesses are managed by this MSP and therefore affected. The hacker resells access to all the employees and software of these companies.

Caisse des Dépôts : suffered a major cyber-attack resulting in a leak of personal data from 70,000 members of the Ircantec pension scheme.

ByBit : the crypto exchange platform was attacked with a loss of $1.4 billion in Ethereum.

PowerSchool : in the USA, this platform used by over 18,000 schools was hacked, affecting 62 million students and 9.5 million teachers. This attack reveals major flaws in poorly protected school systems.

DOGE : yes yes yes, it's still one of the biggest federal data breaches in the US, as Musk and his team gained unauthorized access to critical systems.

­

What's new at Youzer?

Connecting Microsoft 365 to Youzer: Automation and security at your fingertips

Microsoft 365 is at the heart of collaborative working in many companies. But managing user access by hand is tedious and error-prone. The good news is that Youzer automates Microsoft 365 account management in just a few clicks.

Here's how to connect Microsoft 365 to Youzer :

  • Add Microsoft 365 and click on Add a connector.
  • Youzer will ask you to authorize access to your Microsoft 365 tenant via Azure AD.
  • Once logged in, validate the necessary authorizations.
  • Configure automation rules: define roles and access according to your internal policies (account creation, modification, deletion, etc.).

Once everything is set up, activate the connection to synchronize users.

👉 Your Microsoft 365 environment is now connected to Youzer!

You can now

  • Automatic account creation and deletion
  • Automatic license assignment
  • Securing access
  • Save time and reduce errors

With Youzer, managing Microsoft 365 access becomes child's play. More control, less stress, and immediate productivity gains. Ready to simplify your IT? Test integration now! 🚀

I want a demo

Microsoft 365 integration with youzer

Thank you for reading me this far!

Any feedback, want to discuss a project?

I'm here for that 👋.

Linkedin Melanie Lebrun

Every month I send you my discoveries, my analysis on IT news.
I do a lot of monitoring and I share it all!

I'm Mélanie and I'm Youzer's marketing manager.

About me? I have an unquenchable thirst for learning! I'd rather read a book 100 times than watch a movie. I'm a fan of HP 🧙🏼.
I do running and collective sport roller (don't look for it, it's dangerous).