Several government websites were temporarily unavailable on Tuesday morning after the Luxembourg public sector fell victim to a cyberattack, the State Information Technology Centre (Centre des technologies de l’information de l’État, CTIE) has confirmed.

According to a CTIE spokesperson, the ‘public.lu’ domain, home to key services such as Guichet.lu and the CNS health insurer, was targeted by a distributed denial-of-service (DDoS) attack between 07:58 and 08:39.

The attack briefly disrupted access to the domain, though authorities emphasised that the issue was resolved promptly and no sensitive data was disclosed or leaked.

CTIE did not provide details on the size or geographical origin of the attack, citing security concerns.

The latest incident comes as cyberattacks targeting Luxembourg institutions have become increasingly frequent.

In July 2025, Post Luxembourg experienced a network attack that left thousands without internet and telephone services for hours.

Also read:Cyberattack hit Post servers, not phone network itself, says economy minister

Earlier in the year, the Fondation Cancer website was also targeted, part of a 76% increase in cyberattacks in Luxembourg in the first quarter of 2025 compared to the same period in 2024, according to a report by a cybersecurity provider.

Other notable cyber incidents outside of Luxembourg last year included a September attack on a European airport service provider that caused delays across several countries and an attack in August on the city of Trier’s website, which led to days of disruption.

In the same month, the French supermarket chain Auchan suffered a data breach affecting hundreds of thousands of customers following a cyberattack, although Luxembourg customers were not impacted.

Also read:Post cyberattack a ‘warning shot’, MP says

What is a DDoS attack?

A denial-of-service (DoS) attack targets the availability of a computer system, typically by overloading it with requests so that it cannot respond normally.

When an attack originates from multiple computers simultaneously, it is called a distributed denial-of-service (DDoS) attack.

DDoS attacks are more difficult to defend against than attacks from a single source and aim to overwhelm IT systems, making them slow or entirely inaccessible.

(This article was originally published by the Luxemburger Wort. AI translated, with editing and adaptation by Lucrezia Reale.)