Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Data Disaster. Show all posts

Data Disaster: 33 Million French Citizens at Risk in Massive Leak

 


A massive security breach at two third-party healthcare payment servicers has exposed the information of nearly half of all French citizens by way of a major breach of personal information, the French data privacy watchdog revealed last week. As the National Commission on Informatics and Liberty (CNIL) warned in late January, the two leading payment processing outfits, Viamedis and Almerys, both suffered breaches of their systems, resulting in the theft of data belonging to more than 33 million customers from their systems. 

The information that has been compromised includes information such as the date of birth, marital status, social security number, and information about insurance coverage of customers and their families. According to the CNIL, the company did not compromise any banking information, medical records, or contact information. 

As a result of the sophisticated phishing attack that compromised the Almeras and Viamedis third-party payment portals late last month, both payment portals were affected as well. There was no further information provided on the causes of Almery's loss, but there is a high probability that it was a similar incident. 

As Viamedis reported, the attacks occurred within a matter of five days around the beginning of February. Hackers obtained login credentials for health professionals via phishing attacks and gained unauthorized access to the system as a result. 

Even though the exposed information does not include personal financial data, it is still sufficient to increase the likelihood of individuals being targeted by phishing scams, social engineering, identity theft, and insurance fraud as they are exposed to the information. 

According to CNIL, they will ensure Viamedis and Almerys inform impacted individuals personally and directly, to prevent them from falling victim to phishing scams in the aftermath of the attack in compliance with the General Data Protection Regulation (GDPR). In the meantime, Almerys clarified that the central system was not compromised, but the health professional portal had been infiltrated by hackers. 

As confirmed by CNIL, the compromised data includes sensitive information about the affected individuals, including their marriage status, date of birth, social security numbers, insurance details, and insurance coverage, among others. 

As the attackers accessed the two companies' systems in a targeted raid, they were using credentials stolen from healthcare professionals. Following the General Data Protection Regulation of the European Union, the CNIL is working with Viamedis and Almerys to reach out to all affected individuals. Due to the sheer number of customers involved, the process of completing the project will take some time since there are so many of them. 

The third-party payment system which allows patients to not pay for their medical services in advance will not be available for providers for some time as a result of this attack, but users will still be able to access the system. 

Since the massive amount of compromised data has now been in the wrong hands, the French data authority has issued an alert to beware of phishing attacks, and while a detailed investigation is ongoing to determine exactly how the massive breach happened and if Viamedis or Almerys is to blame, a new warning has been issued regarding phishing attacks.

Data Disaster: 35M Customers in Peril as VF's Breach Unveils

 


With its 13 brands, VF Corporation is one of the largest global apparel and footwear companies in the world. They own JanSport, Dickies, Eastpak, Timberland, Smartwool, Vans, The North Face, and The North Face brands that accounted for 55% of the backpack market in 2015. It has been reported that VF Corp has been the victim of a ransomware attack in December 2023. 

As a result of the ransomware attack, some of the company's systems were taken out of operation and were forced to contain the threat. There has been a cyber attack on VF Corp's customer data, reported TechCrunch. VF Corp, the parent company of popular brands like Vans, Supreme, and The North Face, claims it stole data from 35.5 million customers in a December attack, according to a regulatory filing. Nevertheless, the company has not provided any information on what type of personal information was compromised. 

Even though the report says that the filing does not explicitly state what personal information was stolen, the company stated that, for its consumer businesses, it does not retain Social Security numbers, bank account information, or credit card numbers. 

A Denver, Colorado-based company, VF Corp, reported its data breach to regulators on Thursday and did not have any evidence that hackers had stolen customer passwords. The Denver-based company did not have any evidence that the hackers had stolen customer passwords. There is no specific information in the filing about what kind of personal data was taken, or if the company has yet been aware of what has been stolen. 

The VF Corp spokesperson did not respond to TechCrunch's email requesting additional information. In addition to the fact that VF Corp does not collect any information about a consumer's Social Security number, bank account number, or credit card, nor does it have any evidence that hackers have stolen any of the company's customer passwords, the company says it does not maintain this information. 

Social Security number and financial information are not stored by VF Corp in its systems, according to the company. Furthermore, VF Corp says that it has not found any evidence that customer passwords have been stolen. As a result of the shutdown of certain systems, VF encountered disruptions in its operations. 

As a result of the incident, retail stores were interrupted in replenishing inventory and orders were delayed. Several and varied issues have resulted in cancellations of orders on the part of customers and consumers, reduced demand on e-commerce sites of some brands, and delayed shipments of some wholesale products. 

The company has managed to restore all of the impacted systems, although minor issues are still being encountered. A VF spokesperson said on Thursday that the company has not disclosed what information was stolen from its IT systems, but it did indicate certain data that was not stolen and that it is still investigating. 

In addition, there has been no evidence to suggest that the company has stolen the passwords of its customers and that Social Security numbers, bank account details, or credit card numbers are stored in its computer system. 

VF, as a co-founder and chief innovation officer for CyberSaint, is providing a certain level of assurance to the SEC and their investors that the 35 million records were not tampered with with highly sensitive [personally identifiable information] PII. Padraic O'Reilly, co-founder and chief innovation officer for CyberSaint, explained that what was not taken. 

According to his view, based on this information, we can presume that consumer names, addresses, demographic information, and information regarding their purchases may be included in the investigation. 8-Ks are usually released in stages as investigations progress, so stay tuned in this situation.