Cybercriminals have stolen data from more than 33 million French citizens after breaking into healthcare payment organizations.

Hackers have stolen personal data of more than 33 million French people from Viamedis and Almerys databases. These are two companies responsible for third-party payments under the French health and health insurance system. Almost half of all French residents are victims.

Big butt

Hackers stole, among other things, data about marital status, dates of birth and insurance numbers. The name of the health insurer and the terms of the contract concluded are also on the table. Data Protection Authority CNIL ( Commission Nationale de l’Informatique et des Libertés) emphasizes that medical data and banking data are not affected. The authority will conduct an investigation, including to determine whether Viamedis and Almerys have complied with their obligations under the GDPR and adequately protected sensitive data.

The attack came to light earlier this month. In response, Viamedis had already closed its platform. According to this company, the criminals were able to collect the data by misleading a healthcare provider through phishing. This shows once again that effective attacks are rarely the result of cleverly exploited zero-day leaks: a much more important vector is the employees themselves, who pass on login data via phishing.

Fodder for more phishing

The massive hack could haunt citizens for a long time, it was indirectly said. The stolen data is now in the hands of the digital underworld, where it circulates. Other criminals can use the data to create their own phishing campaigns that appear highly targeted and credible.

The hack also shows that data remains vulnerable even when collected as part of a government contract. This can encourage companies and governments to think carefully about what data they store and why.