33M French Citizens Impacted in Countrys Largest-Ever Breach

  /     /     /  
Publicated : 23/11/2024   Category : security


33M French Citizens Impacted in Countrys Largest-Ever Breach


Viamedis and Almerys, two payment processors widely used by French health insurers, were victims of cyberattackers who struck five days apart.



The French data protection agency, the CNIL, has opened an investigation into a pair of data breaches at payment processors that together affect nearly half of the countrys population.
At the end of January, cyberattackers compromised data for 33 million French citizens held by the two companies, Viamedis and Almerys, which manage third-party payments for health insurance companies. The combined exposure is the
largest-ever data breach for French citizens
.
The firms were breached five days apart. Viamedis general director stated that threat actors mounted a successful phishing attack on an employee as the initial access vector. Meanwhile, assailants accessed a portal used by health professionals to breach Almerys,
according to EuroNews
.
“Healthcare services and providers continue to be massively targeted, often due to the very nature of the data they hold, coupled with the lack of funding for cybersecurity solutions and practices, Darren Williams, CEO and founder at BlackFog, said in an emailed statement. With the personal data of 33 million people involved, it will be some time before we know the true fallout from this attack.
The information thieves managed to make off with a range of personally identifiable information (PII), including marital status, dates of birth, and national identification numbers, names of health insurers, and more. However, banking information, medical data, health reimbursements, addresses, telephone numbers, and emails werent accessed. Still, the CNIL said policyholders should be on the lookout for follow-on attacks.
Be careful about the requests you may receive, particularly if they concern reimbursement of health costs, and periodically check the activities and movements on your various accounts, the CNIL cautioned in its
announcement on the Viamedis/Almerys investigation
(translated by Google Translate). Although contact data is not affected by the breach, it is possible that the breached data could be combined with other information from previous data breaches [for social engineering attacks].
As far as takeaways of the incident for businesses, Max Gannon, senior cyber threat intelligence analyst at Cofense, points out that
once again, a single employee falling for a phishing attempt
is to blame for a cyberattack affecting millions.
Although we are likely to see press releases highlighting the sophistication and complexity of the phishing campaign that was used, the truth remains that a single employee falling for a phishing campaign led to data on millions of individuals being compromised, he says. A companys cybersecurity defenses are only as strong as their weakest link, which, as we have seen, is often a single employee.
Training employees across the company
is one of the most substantial actions that a company can take to better defend itself.

Last News

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
33M French Citizens Impacted in Countrys Largest-Ever Breach