Over half of French citizens had their personal data stolen as France reels from massive cyberattack

A massive cybersecurity breach has rocked France, with over 33 million individuals – nearly half of the country’s population – falling victim to the largest cyberattack in its history.

The breach targeted two French service providers catering to medical insurance companies, Viamedis and Almerys, both acknowledging the potential exposure of millions of individuals’ data to hackers.

Yann Padova, a legal expert in digital data protection and former Secretary General of the French data protection authority National Commission on Informatics and Liberty or CNIL, described the breach as unprecedented in scale, labelling it as “the biggest security breach in France.”

The attacks occurred within five days at the beginning of February. Viamedis reported that hackers used phishing techniques to obtain login credentials of health professionals, gaining unauthorized access to the system.

Meanwhile, Almerys clarified that the central system remained uncompromised, but hackers infiltrated a portal used by health professionals.

The compromised data includes sensitive information such as marital status, date of birth, social security numbers, health insurer details, and policy coverage for the affected individuals, as confirmed by CNIL.

However, CNIL reassured that critical information such as bank details, medical records, contact information, or email addresses remained unaffected.

In response to the breach, there may be disruptions to the “tiers payant” system, where patients don’t pay the full medical service costs upfront.

The CNIL cautioned against phishing threats, urging vigilance in verifying the authenticity of communications from official sources, especially given the potential for combining leaked data with information from prior breaches.

To comply with General Data Protection Regulation or GDPR’s regulations, individuals impacted by the breach will be individually notified by their health insurance providers.

The incident underscores the growing threat of cyberattacks and the urgent need for robust cybersecurity measures to safeguard personal data and mitigate risks to individuals and organizations alike.

(With inputs from agencies)