A significant cyber-attack has rocked France, with data from over 33 million individuals—roughly half of the country’s population—falling victim to this sophisticated breach earlier this month. This breach marks a potentially unprecedented event in the nation’s history, according to reports.
Yann Padova, a prominent data protection lawyer and former secretary general of France’s Data Protection Authority (CNIL), has raised alarm over the scale of the attack, estimating that nearly one in every two citizens could be impacted by the breach.
The targets of this digital onslaught were Viamedis and Almerys, two medical insurance providers, both succumbing to attacks within a mere five-day span. Initial investigations suggest that the data loss occurred as cybercriminals executed phishing attacks on unsuspecting employees, gaining access to credentials and subsequently infiltrating central record systems. Information such as social security numbers, marital status, dates of birth, insurance details, and policy coverage information were among the compromised data. Fortunately, critical data such as medical histories, postal addresses, contact details, and bank account information were stored on a separate server, safeguarding them from the attackers.
In response, the French CNIL has launched an inquiry into the cyber-attack and has determined that it was carried out by state-funded hackers. As efforts to recover from the incident are underway, certain services, including the “Tier Payment” system, will be temporarily unavailable to patients, and access to specific health records will be restricted.
Amidst this crisis, individuals are urged to exercise caution, verifying the authenticity of any communication requesting credentials and refraining from clicking on links provided in emails, messages, or calls. Vigilance is paramount in safeguarding against further breaches and protecting personal information from falling into the wrong hands.
