Data of half the population of France stolen in its largest ever cyberattack. This is what we know
Data of half the population of France stolen in its largest ever cyberattack. This is what we know unknown
One in two French people’s data was stolen in a major cybersecurity breach - the largest ever in France - leaving 33 million at risk.
Over 33 million people in France - nearly half of its population - have been impacted by the country’s biggest-ever cyberattack.
Two French service providers for medical insurance companies were targeted, with the companies admitting that millions of people’s data were potentially exposed to the hackers.
"This is the first time there has been a breach on such a scale," Yann Padova, a lawyer specialising in digital data protection and former Secretary General of the French data protection authority (CNIL) told French broadcaster Franceinfo on Thursday.
According to Padova, this is "the biggest security breach in France".
This is what we know about the attacks and which data was stolen.
What happened?
Two companies - Viamedis and Almerys - are service providers for medical insurance companies. They were victims of a cyberattack that occurred five days apart at the beginning of February.
According to the first provider, Viamedis, the hackers phished and used health professionals' logins to get into the system.
Almerys said that the hackers had not breached its central system but had accessed a portal used by health professionals
The two providers have filed complaints with the public prosecutor and an investigation is underway.
Which data were stolen?
Over 33 million people - just under half of the French population - were affected by the data leak, which included details like "the marital status, date of birth and social security number, the name of the health insurer and the cover provided by the policy" of the individuals impacted, according to the French data protection authority (CNIL).
The CNIL assured that "no bank details, medical data, postal address, telephone number or e-mail are involved".
What are the consequences?
The "tiers payant," a payment system in which the patient doesn't have to pay the full cost of medical services upfront, may be unavailable for certain health professionals but still available for the patients.
The CNIL warned users against phishing risks, especially as the new data leaked could be combined with other information from previous data breaches.
Users should be especially careful to double-check the authenticity of emails, texts, and calls claiming to be from official organisations.
The people whose data were compromised will be contacted to be individually informed by their health insurance to comply with GDPR guidelines.