“This is the biggest security breach in France,” warns Yann Padova on Thursday on franceinfo, while more than 33 million people are affected in France by a massive theft of data from third-party payment managers.
:quality(50)/2023/07/07/64a7df4c5fe71_placeholder-36b69ec8.png)
Published
Update
Reading time: 2 min
:quality(50)/2023/10/21/080-hl-tdurand-1997880-6533ea1ed1140272065651.jpg)
Marital status, social security number, information on mutual insurance, but not banking or medical information… An investigation was opened by the National Commission for Information Technology and Liberties (Cnil) after a massive data theft in the complementary health sector: more than 33 million people are affected. “This is the first time that there has been a violation of this magnitude”assured Thursday February 8 on franceinfo the lawyer specializing in digital data protection and former secretary general of the CNIL, Yann Padova.
The data stolen via these platforms includes marital status, dates of birth, Social Security numbers, the name of the health insurer and the guarantees of the contract subscribed, but not banking information or medical data, specifies the CNIL . No telephone numbers or emails, either, which reduces the value of this data on the black market, but which can still facilitate phishing attempts later.
According to Yann Padova, “this is the biggest security breach in France”. “The risk for people is quite significant, particularly scams, phishing for example, or identity theft,” he warned.
Vigilance when opening an email
Two different operators were actually targeted by a cyberattack, five days apart. These are not mutual societies directly, but two operators responsible for managing third-party payment for them, who suffered a computer attack at the end of January: Viamedis (owned in particular by the complementary companies Malakoff Humanis and Vyv) and Almerys. Which adds a “difficulty” additional in the eyes of the lawyer specializing in digital data protection, because policyholders cannot know whether or not they are affected by these data leaks. The two companies serve as intermediaries between complementary insurance companies and healthcare professionals.
“If you find that there is a curious email that has arrived to you that looks like it came from your mutual insurance company then call them.”
Yann Padova, former secretary general of the CNILon franceinfo
“Your first step should be to call your mutual or complementary insurance to find out if they were in contact with these two companies which were the subject of the security breach”, advises Yann Padova. He specifies that companies “have an obligation under European law to inform people” and calls for proof “vigilance and precaution” when opening an email in particular.
The CNIL calls on the two platforms to quickly inform affected policyholders, and the latter to be careful, in the event of future requests for reimbursement of health costs.