Nearly half the citizens of France have had their data exposed in a massive security breach at two third-party healthcare payment servicers, the French data privacy watchdog disclosed last week.
Payments outfits Viamedis and Almerys both experienced breaches of their systems in late January, the National Commission on Informatics and Liberty (CNIL) revealed, leading to the theft of data belonging to more than 33 million customers. Affected data on customers and their families includes dates of birth, marital status, social security numbers and insurance information. No banking info, medical data or contact information was compromised, the CNIL added.
Viamedis was reportedly compromised through a phishing attack that targeted healthcare professionals, and used credentials stolen from such professionals to gain access to its systems. Almerys didn’t disclose how its compromise occurred, but it’s possible the ingress was similar in nature – it admitted the attacker gained access through a portal used by healthcare providers.
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft