Massive data breach in France affects 33 million citizens

Graeme Hanna / Last Updated: Feb 12, 2024 / Data and Security
Hackers using data on screen / French data breach impacts 33 million citizens

A massive security breach has been confirmed with almost one in two French citizens affected, involving two service providers for medical insurance companies.

The third-party payment portals involved were Viamedis and Almerys, due to the former experiencing a sophisticated phishing attack that compromised its systems late last month. Almerys did not elaborate on the cause of its loss, but it is thought to be a similar incident.

The French Data Protection Authority (NCIL) detailed the full incident, with around 33 million customers’ data stolen. The leaked data includes personal information such as birth dates, marital status, social security numbers, and insurance details. NCIL moved to allay further fears by stating no banking credentials, medical data, or contact numbers were lost but the scale of the cyber attack is clear.

Yann Padova, a digital data protection lawyer and former secretary general at CNIL commented on the seriousness of the data breach, “This is the first time that there has been a violation of this magnitude (in France),” further adding it was suspected to be the biggest ever leak of its kind, in France.

Investigation underway

The attackers used credentials stolen from healthcare professionals, in a targeted raid, to access the systems at the two companies.

CNIL is now working with Viamedis and Almerys to contact all those impacted, as bound by the European Union’s General Data Protection Regulation. However, given the sheer number of customers involved it will take some time to complete the task.

As a result of this attack, the “tiers payant” system in which patients do not need to contribute the full cost of medical services in advance may be unavailable for providers for some time, but users will still have access.

The French data authority has sent out a renewed warning, to be wary of phishing attacks, given the volume of compromised data now in the wrong hands whilst a full investigation is underwater to ascertain exactly how the massive breach happened and if Viamedis or Almerys are culpable.

Image: Tima Miroshnichenko/Pexels

Graeme Hanna

Freelance Writer

Graeme Hanna is a full-time, freelance writer with significant experience in online news as well as content writing. Since January 2021, he has contributed as a football and news writer for several mainstream UK titles including The Glasgow Times, Rangers Review, Manchester Evening News, MyLondon, Give Me Sport, and the Belfast News Letter. Graeme has worked across several briefs including news and feature writing in addition to other significant work experience in professional services. Now a contributing news writer at ReadWrite.com, he is involved with pitching relevant content for publication as well as writing engaging tech news stories.