Two companies that manage payments for medical costs have had their data breached by internet pirates, leaving 33 million people’s personal information in the hands of scammers, says the French privacy watchdog.
Viamedis and Almerys, which manage the tiers payant, or third-party payment systems, for a combined 147 top-up insurance providers, announced the data breach on February 2.
Both companies were reportedly victims of targeted phishing attacks by pirates, who gained access to their databases.
On February 7, France’s privacy watchdog, the Commission nationale de l'informatique et des libertés (CNIL), confirmed that the data of 33 million people was leaked in the attacks.
What information did the hackers get?
In its statement, CNIL announced that the data breach concerned:
- Civil status
- Dates of birth
- Social security numbers
- The victims’ insurance company names
- The victims’ insurance policy guarantees
However, the breach does not concern:
- Bank details
- Details of medical conditions
- Reimbursement details
- Postal addresses
- Telephone numbers
- Email addresses
How can I know if my information has been taken?
Everyone affected by the data breach will be contacted “individually and directly” by their top-up providers, according to the CNIL statement.
Not all top-up providers use Viamedis and Almerys. Other third-party payment systems, including those of SP Santé and Actil, are unaffected.
However, some of the major top-up providers do use these systems, including Axa santé and AIG Vie Direct.
What can I do if my data has been compromised?
Unfortunately, the data may be used by scammers in phishing attempts.
This could involve scammers posing as a bank or insurance company and trying to convince people to pay for unexpected costs, premiums, fines, or debts.
While the data breach does not include contact details, scammers may well be able to cross-reference the leaked data with information from other sources.
The advice from CNIL is to be vigilant, particularly when contacted about health costs. Rather than replying to such messages or phone calls, contact organisations directly using the contact details available from official sources.
CNIL also advises people to watch their bank accounts for any unusual activity.
Due to the vast scale of the data breach, the privacy watchdog also announced that it would be investigating to ensure that all of the correct data protection measures were in place.