Record data breach in France: 33 million citizens affected by cyberattacks on payment processors Viamedis and Almerys, which serve health insurance companies.
The French data protection agency CNIL is warning citizens about the possibility of social engineering attacks after the personal data of 33 million people, affecting almost half of the country’s population, was leaked through cyber attacks on companies Viamedis and Almerys.
These companies manage third-party payments for health insurance companies. The incident was the largest data leak in France, which included marital status, dates of birth, national identification numbers and the names of insurance companies. It is important that banking information, medical data and contact information were not stolen.
According to the CNIL, policyholders are advised to be wary of any requests, especially related to healthcare reimbursements, and to regularly check activity on their accounts for unusual activity.
According to Max Gannon, a senior analyst at Cofense, the incident highlights the vulnerability of companies due to the human factor, as the attack was carried out through a phishing campaign that was “pecked” by one employee.
He emphasized the need for employee training as a critical measure to strengthen organizations’ cyber security.
Darren Williams, CEO and founder of BlackFog, noted that the healthcare sector continues to be an attractive target for cyberattacks due to the value of the data stored and the often insufficient funding for cybersecurity. He stressed that the full consequences of the attack have yet to be assessed.
The CNIL opened an investigation into both data leaks, which revealed significant flaws in the protection of citizens’ data and a potentially high risk to the privacy and security of French citizens’ personal information.