Viamedis and Almerys, two operators responsible for managing third-party payments for supplementary health insurance, notified the French data protection authority CNIL of a cyberattack at the end of January. This data breach involving Social Security numbers affects approximately 33 million individuals. This is France’s largest cyberattack to date.
33 million insured French citizens have been affected by the data breach. Compromised data includes civil status, date of birth, Social Security number, health insurance company name, and insurance coverage for insured individuals and their families.
According to CNIL:
“Data such as banking information, medical records, medical reimbursements, addresses, phone numbers, and emails are not expected to be affected by this breach.”
We contacted Malakoff Humanis, one of the French insurance companies that works with Viamedis. He also confirmed the same.
Cyber attacks by medical workers
The attack occurred after a medical professional’s credentials and passwords were stolen. This warning was issued on February 1st by Viamedis, who detected the attack. We have also notified other third-party payment platforms.
A few days later, another company, Almerys, also announced that it had detected an intrusion. No other major third-party payment platforms have announced any violations and so far there appears to be no impact.
Related article
large scale attack
The two service providers that suffered the cyber attack are leading companies in the industry, each accounting for just under 40 million Social Security members, partnering with around 100 affiliated complementary health insurance companies, and providing specialized services to over 200,000 people. It has members.
33 million French people will be affected. This makes this data breach one of the largest incidents in France. An investigation is currently underway to determine how this theft occurred, how the expert’s credentials were compromised, and who the hackers are.
Related article
significant risk
One thing is for sure: the stolen data is highly sensitive. For example, the social security number is a unique and definitive identifier assigned to each French citizen. This is an important element in various administrative procedures and cannot be changed like a compromised password.
A compromised Social Security number puts victims at risk for phishing and identity theft. According to the CNIL, it is indeed
“The data may be combined with other information from previous data breaches.”
In other words, it is possible to recreate a person’s identity and use that name to commit criminal acts or apply for consumer loans and other financial transactions.
