top cx logo
cx logo
Explorearrow down
search icon
Explore
arrow down

33 million social security numbers hacked in France: beware scammers

Victims are warned to be cautious about messages concerning the reimbursement of medical bills

Everyone affected by the data breach will be contacted “individually and directly” by their top-up health insurance providers Pic: Phovoir / Shutterstock

Two companies that manage payments for medical costs have had their data breached by internet pirates, leaving 33 million people’s personal information in the hands of scammers, says the French privacy watchdog.

Viamedis and Almerys, which manage the tiers payant, or third party payment systems for a combined 147 top-up insurance providers, announced the data breach on February 2. 

Both companies were reportedly victims of targeted phishing attacks by pirates, who gained access to their databases.

On February 7, France’s privacy watchdog, the Commission nationale de l'informatique et des libertés, (CNIL) confirmed that the data of 33 million people was leaked in the attacks.

What information did the hackers get?

In its statement CNIL announced that the data breach concerned:

  • Names
  • Civil status
  • Dates of birth
  • Social security numbers
  • The victims’ insurance company names
  • The victims’ insurance policy guarantees

However, the breach does not concern:

  • Bank details
  • Details of medical conditions
  • Reimbursement details
  • Postal addresses
  • Telephone numbers
  • Email addresses

How can I know if my information has been taken?

Everyone affected by the data breach will be contacted “individually and directly” by their top-up providers, according to the CNIL statement.

Not all top-up providers use Viamedis and Almerys. Other third-party payment systems, including those of SP Santé and Actil are unaffected.

However, some of the major top-up providers do use these systems, including Axa santé and AIG Vie Direct.

What can I do if my data has been compromised?

Unfortunately, the data may be used by scammers in phishing attempts. 

This could involve scammers posing as a bank or insurance company and trying to convince people to pay for unexpected costs, premiums, fines, or debts.

While the data breach does not include contact details, scammers may well be able to cross reference the leaked data with information from other sources.

The advice from CNIL is to be vigilant, particularly when contacted about health costs. Rather than replying to such messages or phone calls directly, instead contact organisations directly using the contact details available from official sources.

CNIL also advises people to watch their bank accounts for any unusual activity.

Due to the vast scale of the data breach, the privacy watchdog also announced that it would be investigating to ensure that all of the correct data protection measures were in place.

Read more

Life insurance pay-out scam resurfaces in France - how to spot it

Beware new scams involving QR codes in France

Resident or second-home owner in France?
Benefit from our daily digest of headlines and how-to's to help you make the most of life in France
By joining the newsletter, you agree to our Terms & Conditions and Privacy Policy
See more popular articles
The Connexion Help Guides
featured helpguide
Healthcare in France*
Featured Help Guide
- Understand the French healthcare system, how you access it and how you are reimbursed - Useful if you are new to the French healthcare system or want a more in-depth understanding - Reader question and answer section Aimed at non-French nationals living here, the guide gives an overview of what you are (and are not) covered for. There is also information for second-home owners and regular visitors.
Get news, views and information from France