Cybercriminals are hungry for personal data. Almerys, a third-party payment specialist, was the victim of a cyberattack and saw the social security numbers of many policyholders leaked.
It’s a story that never ends. Just a few days after a major attack targeting the mutual health specialist Viamedis, another company of the same type has just suffered an intrusion into its IT systems. Almerys, partner of organizations such as Mutuelle Générale, Banque Postale health insurance and AG2R La Mondiale, was the victim of a hack which exposed the data of its policyholders, explains AFP.
Social security numbers, dates of birth, first and last names…
Although we do not know, for the moment, the exact number of victims concerned, the names, first names, dates of birth, social security numbers as well as the insurer’s contract numbers of a large number of French men and women were able to be stolen during the attack. The company would still like to specify that postal contact details, telephone numbers and email addresses “are in no way affected by this compromise“.
The method of attack resembles, a priori, like two drops of water to that used against Viamedis. The impersonation of healthcare professionals allowed malicious hackers to connect to the dedicated platform, then allowing easier access to the rest of the information hosted by Almerys.
Faced with the multiplication of its attacks, the Rassemblement des opticiens de France (ROF), the majority union in the profession, demanded that “all health platforms» demonstrate «with extreme vigilance» and offer “increased guarantees in terms of data security“. Almerys announced that it was setting up a “active surveillance and reinforced control measures […] to detect any suspicious activity“.
Beware of phishing
The portal has been closed, but the company indicates that “services are functioning normally» and that no policyholder should pay any costs during the system restoration period. A complaint was filed with the public prosecutor and a notification was sent to the CNIL, as required by law.
As always with this type of attack, the immediate risk is to be fooled by a phishing attempt. With a pile of personal information like that, it becomes easy to pose as a legitimate health organization and steal even more data from you by claiming any problems with medical reimbursement. So be attentive to any letters that are a little too alarmist regarding your mutual insurance in the coming weeks.
Download
- Dematerialization
- Accessibility
- Additional Features
The dematerialized Carte Vitale is a mobile application which serves as a digital version of the traditional physical Carte Vitale. It allows users to access their health insurance information and benefit from additional services directly from their smartphone.
The dematerialized Carte Vitale is a mobile application which serves as a digital version of the traditional physical Carte Vitale. It allows users to access their health insurance information and benefit from additional services directly from their smartphone.
Source : The world
8