INDIGO INCIDENT ALERT
A cyber security incident has occurred at INDIGO. We strongly encourage you to remain vigilant. Read more.
Updated 24 April 2025
The INDIGO Group has been the victim of a security incident resulting in malicious individuals gaining access to its information system.
This illegal act potentially enabled unauthorised access to some of its customers’ personal data. So far, we have not observed any fraudulent use of this data. Investigations, however, are still under way.
As soon as we became aware of the incident, we immediately took the appropriate technical and information-related measures. The Group has filed a complaint with the public prosecutor and notified the CNIL (French data protection authority) of this incident in accordance with its legal obligations. It has also individually informed its customers of a potential leak of their personal data and of the associated risks.
The message includes safety warnings and advice based on recommendations from experts, the CNIL and the ANSSI (French national cybersecurity agency).
Be careful if you receive any letters, emails, text messages or phone calls. Do not reply if they seem suspicious. Delete them immediately. Never click on links in messages if you are not sure where they come from.
We advise you to watch out especially for any signs suggesting identiTy theft such as:
– Suspicious activity on your bank accounts
– Unauthorised mail forwarding
– Unauthorised mobile phone porting
– Deliveries of goods of services you did not order
If you suspect your personal data is being used to fraudulent ends, keep all the evidence you can (messages, website addresses, screenshots, etc.).
As a rule, be careful when you supply your data on websites or receive emails asking you to provide or update your information.
To stay safe from social engineering (attempts at manipulating you into disclosing your personal information):
– Beware of anyone who contacts you to ask for your personal information or access credentials, even if they seem to have other information about you.
– Do not reply to emails or text messages asking you for personal information; very few bona fide organisations will use those channels to ask you for personal information.
– Beware of unrequested phone calls from people claiming to represent government offices, social security offices or businesses.
INDIGO will never call you to request that information. If you need any further advice on how to protect your personal information, we suggest you also check this page (in French): https://www.cybermalveillance.gouv.fr/cybermenaces