Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Ransomware.

Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and law enforcement notified with yes, and communication strategy with public statements and reassurance to visitors, and incident response plan activated with yes (crisis unit established), and law enforcement notified with yes (complaint filed with paris public prosecutor's office; investigation handled by specialized cybercrime section), and remediation measures with gradual restoration of services, remediation measures with reinforcement of digital security..

Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Unspecified (possible exfiltration; no public data confirmed).

Incident Response Plan: The company's incident response plan is described as Yes, Yes (crisis unit established).

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Gradual restoration of services, Reinforcement of digital security, .

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Complaint filed with Paris public prosecutor's office.

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: La Tribune, and Source: BFMTV, and Source: franceinfo, and Source: Article describing the cyberattack on MNHN.

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public statements and reassurance to visitors.

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Visitors reassured that galleries, zoological parks, and gardens remain open and functional, Cancellation Of 'Tropical Autumn' Exhibition Announced; No New Dates Provided, Galleries, Zoos, And Gardens Remain Open; Some Themed Tours Suspended and .

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Enhancement Of Digital Security Measures, .

Ransom Payment History: The company has Paid ransoms in the past.

Most Recent Incident Detected: The most recent incident detected was on Late July.

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on Late July 2025 (exact date unspecified).

Most Significant Data Compromised: The most significant data compromised in an incident were Possible data exfiltration and Possible data exfiltration (no public data confirmed compromised).

Most Significant System Affected: The most significant system affected in an incident were Internal computer networkDigital tools for operationsResearch control systemsOnline tools for research, expertise, libraries, and collection consultationDigital applications for themed tours.

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Possible data exfiltration and Possible data exfiltration (no public data confirmed compromised).

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Complaint filed with Paris public prosecutor's office.

Most Recent Source: The most recent source of information about an incident are BFMTV, Article describing the cyberattack on MNHN, franceinfo and La Tribune.

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Most Recent Customer Advisory: The most recent customer advisory issued were an Visitors reassured that galleries, zoological parks, and gardens remain open and functional, Cancellation of 'Tropical Autumn' exhibition announced; no new dates providedGalleries, zoos and and gardens remain open; some themed tours suspended.