back to top

Trending Content:

Rhode Island Actual Property Commissions: What You Can Anticipate in 2024

Once you’re navigating Rhode Island’s housing market, understanding how...

PAK vs ENG: England unveil enjoying XI as Ben Stokes dominated out as a result of harm

England captain Ben Stokes (R) gestures throughout a match...

Largest Knowledge Breaches in France [Updated 2024] | Cybersecurity

In accordance with the newest cybersecurity report of CNIL, the French information safety supervisor, France has seen a report of non-public information breaches in 2021 — a close to 80% improve from 2020.

The CNIL carried out strict regulatory measures on French companies and organizations in 2021, sending 135 formal notices that resulted in €214 million in fines and 18 sanctions. 9 sanctions had been for inefficient information safety.

The report indicated that the most typical targets of cyber assaults had been small and medium-sized corporations. Greater than half of the information breach notifications from the report had been ransomware, which is a staggering 128% improve since 2020.

Listing of Largest Knowledge Breaches in France

Here’s a listing of the largest information breaches to happen in France:

1. Dedalus Biologie

Date: February 23, 2021

Impression: 491,840 medical information

In accordance with an investigation carried out by Libération, a large information breach occurred in February 2021, together with roughly 500,000 medical information of French sufferers of unknown origin, together with names, medical historical past, and social safety numbers that had been leaked on the web.

The cybersecurity weblog Zataz on Telegram first found the information leak wherein customers found a clandestine group that trades stolen information on Telegram.

Libération studies that the stolen information accommodates medical information and COVID-19 checks from 30 healthcare laboratories in northwest France. The leaked information included details about examinations carried out between 2015 and October 2020.

In accordance with AFP (Agence France-Presse), the leaked medical information included:

Affected person namesAddressesTelephone numbersPostcodesEmail accountsHealth insurance coverage providersSocial safety numbersBlood typesHIV statusFertility standing

Paris prosecutors in control of cybercrime reported to the AFP that an investigation is underway to find out if there was a “fraudulent entry to, and upkeep of an automatic information processing system” and “fraudulent extraction, holding and sharing” of the data.

Initially, they failed to learn how the hackers stole the data from the healthcare clinics and laboratories. However, one thing in common that the laboratories had was that they used software from Dedalus, a healthcare provider.

Dedalus was fined €1.5 million for violating the GDPR (General Data Protection Regulation) for failing to protect EU citizens’ personal data. According to the journalist that found the leaked data, the hackers made the data public after they failed to find a buyer.

In light of the incident, French President, Emmanuel Macron, announced a cybercrime combat program worth €1 billion that can enhance cybersecurity for the French healthcare system.

2. French Insurer AXA671fd672fe925ed1b99190c4 64ed10d4684cb21b0375fff7 136

Date: May 16, 2021

Impact: 3 TB of sensitive data and medical records exposed; possible unregistered DDoS attacks.

The Asian branches of the French insurer AXA suffered a ransomware attack in May 2021, stealing three terabytes of sensitive data.

The attack targeted sectors in Hong Kong, Thailand, Malaysia, and the Philippines and occurred after AXA canceled the Asian branches’ coverages against cyber attacks.

The alleged hacker group that’s responsible for the attack is Avaddon, and the group claims that they have also executed a DDoS attack on the subsidiaries.

AXA hasn’t confirmed the amount of the demanded ransom price nor whether they eventually paid it.

3. Pierre Rouquès – Les Bluets Maternity Hospital671fd672fe925ed1b99190bb 64ed113bf4b9c82f9259d7c2 137

Date: October 9, 2022

Impact: 150 GB of personal data and medical records

The ransomware hacker group Vice Society took credit for the cyber attack. The group used ransomware that encrypts data and demanded payment to restore their networks within one day. However, while the hacker group stated that all system sectors were fully encrypted, the hospital staff had access to most medical records.

The hospital also gave an update on the situation nine days later, stating that the hackers stole more than 150 GB of files containing patients’ personal data and health records from the hospital’s systems.

According to Zataz, the hackers disclosed the stolen documents and files on the dark web after the hospital declined to pay the ransom. The data included patient names, addresses, accounts, and Outlook account backups of staff members.

Vice Society is known for targeting schools and healthcare establishments and is infamous for completely disrupting services in the Arles Hospital clinic and the Ajaccio clinic in 2022. They commonly employ a double extortion technique — a ransomware method that encrypts the target’s systems and threatens to upload the stolen data on the dark web.

4. Thales671fd672fe925ed1b99191c9 64ed1192fc604faf91576afa 138

Date: November 11, 2022

Impact: 9.5 GB of archive files leaked.

Thales, a French defense and aerospace company for radars, drones, and military satellites, suffered a cyber attack that led to a data leak of sensitive information on the dark web.

The company refuted that their systems were hacked but confirmed that data had been stolen from a user account of collaborative partners from Italy and Malaysia that involved a data leak of 9.5 GB archive files.

The company believes that the data leak included Thales’ data, which has technical documents, possible corporate data, commercial documents, customer data, financial data, and experimental software that’s allegedly priceless.

The LockBit 3.0 ransomware gang, a relatively new hacker group operating since July 2022, is responsible for said data leak and is known for being a RaaS (Ransom as a Service) provider. The company has already opened an internal investigation and has informed France’s ANSSI national cyber security agency.

Thales reassures that the leaked data does not contain critical government data of national security programs and military projects. However, French local sources state that further data and info are yet to be discovered online.

According to Reuters, Thales’ shares plummeted 8.5% after the attack, but Thales stated that the share price decrease wasn’t linked to the attack.

5. iDealwine671fd672fe925ed1b99190c1 64ed119afc604faf91576b4f 139

Date: October 2022

Impact: Unknown amount of customer data theft.

The famous French-based online retailer for wine, iDealwine, suffered a data breach in October 2022 and hasn’t revealed the total number of customer data impacted.

Their shop was rendered offline for weeks, and the company took measures to deal with the cyber attack by contacting experts and data privacy regulators from France and UK.

6. Corbeil-Essonnes671fd672fe925ed1b99190ca 64ed11f72a969b3f92fed74e 140

Date: August 23, 2022

Impact: All hospital medical records published

A cyber attack on a French hospital in Corbeil-Essonnes near Paris left nurses having to file data from scratch manually. The cyber attack crippled the hospital’s IT system, data storage, imaging storage, patient admission systems, and financial software.

The hackers demanded a €10 million ransom to unlock the system, and they threatened to release patient medical records if requirements weren’t met. The hospital’s director, Gilles Calmes, refused to pay the ransomware hackers.

The hospital staff resorted to transitioning back to analog procedures like burning medical records on DVDs. They were left to work with limited resources and forced to redirect all non-critical services elsewhere in Paris. This analog downgrade cost the hospital €2 million.

Moreover, the staff was prohibited from connecting their personal devices on company premises as all their systems may have been infected.

The French elite tactical force, GIGN, negotiated with the Russian hackers. Their team for counter-terrorism and hostage situations communicated with the hackers via the Protonmail service, a communication channel chosen by the attackers.

The team managed to lower the ransom from €10 million down to a million to stall for time. The hospital refused to pay the ransom again, and the data was published online.

Allegedly, the attack was orchestrated by the Russia-based Lockbit group known for scams and other cyber attacks against US private clinics and healthcare services. The Center did the investigative reports for Combating Digital Crime (C3N) division.

Health Minister François Braun donated €20 million to improve the hospital’s data security, which implies that they’ve likely reverted to standard procedures with systems back online.

7. Apollo.io671fd672fe925ed1b99190c7 64ed12001a06a6ffea358ddb 141

Date: May 2018 (reported September 2018)

Almost 11 million data records from French users were allegedly put up for sale on the dark web after a data breach in the San Francisco-based digital marketing firm Apollo. Apollo did not comment on the data breach.

Around September 2018, a user stated that they infiltrated Apollo’s database and stole 11 million records of French users from Apollo to put up on sale online. The hacker didn’t disclose how the attack was conducted and what other data records were in their possession.

The data records include the following:

NamesEmail addressesLocation coordinatesSocial media profilesPhone numbersWorkplace information

According to Apollo staff, their firm conducts security audits regularly and has the proper cybersecurity stature with intrusion detection software in place.

French users can submit a request to have their data removed via Apollo’s website if they doubt their data is compromised.

8. Assistance Publique-Hôpitaux de Paris (AP-HP)671fd672fe925ed1b99191c6 64ed123bbae871a411ef859e 142

Date: Mid-2020 (confirmed September 12)

Impression: Medical information and information of 1.4 million COVID-19 sufferers leaked

The CNIL, France’s information safety authority, launched a press release on September 21, 2021, after being knowledgeable of the Help Publique-Hôpitaux de Paris (AP-HP) information breach, which included private information and medical information of 1.4 million sufferers that had been examined for COVID-19 in 2020 in Paris.

The CNIL urged all affected to not entry their breached information, as they could pose additional dangers or malware.

The private information classes from the information leak included:

COVID-19 take a look at resultsNature of the COVID-19 testsFirst and final nameDate of birthGenderSocial safety numberHome addressesEmail addressPhone numbersNames of healthcare professionals concerned within the checks

The cyber assault exploited the Parisian hospital’s COVID-19 contact-tracing system, the SI-DEP, which already had safety points.

This hack is certainly one of many who have affected French public hospital programs and healthcare establishments for the reason that pandemic.

Earlier in September 2021, COVID-19 take a look at outcomes and the PII of 700,000 folks had been leaked due to a knowledge breach from a defective interface platform for the SI-DEP system that pharmacists used.

Obtain our information on scaling third-party danger administration regardless of the chances

Latest

Chef vs Puppet | Cybersecurity

Puppet and Chef have each developed considerably—suffice to say,...

How you can Enhance MySQL Safety: Prime 11 Methods | Cybersecurity

Within the pantheon of open supply heavyweights, few applied...

What’s Social Engineering? Definition + Assault Examples | Cybersecurity

Social Engineering, within the context of cybersecurity, is the...

5 Issues You Have to Know About Third-Celebration Danger in 2024 | Cybersecurity

It is now not sufficient to easily be certain...

Newsletter

spot_img

Don't miss

Assembly the Third-Social gathering Threat Necessities of 23 NY CRR | Cybersecurity

The NY CRR 500 laws was instituted by the...

Pakistan clinches title at scrabble event in US

Pakistan's Sohaib Sanaullah (proper in yellow shirt) poses for a...

SolarWinds vs SCOM | Cybersecurity

We have coated greater than a handful of IT monitoring options, however...
spot_imgspot_img

What’s Spear Phishing? | Cybersecurity

Spear phishers search for goal who may lead to monetary acquire or publicity of commerce secrets and techniques for company espionage, personally identifiable info (PII) for identification...

Chef vs Puppet | Cybersecurity

Puppet and Chef have each developed considerably—suffice to say, we’re lengthy overdue in revisiting these two heavy-hitters. On this article we’ll take a recent...

How you can Enhance MySQL Safety: Prime 11 Methods | Cybersecurity

Within the pantheon of open supply heavyweights, few applied sciences are as ubiquitous because the MySQL RDBMS. Integral to standard software program packages like...

LEAVE A REPLY

Please enter your comment!
Please enter your name here