Ophélie Artaud 3:27 p.m., February 9, 2024

33 million French people are affected by a leak of their social security number, after a cyberattack which affected two third-party payment managers. Particularly sensitive information, which raises fears of an increase in phishing or identity theft attempts.

Date of birth, marital status, name of insurer, contract guarantees and... social security number. 33 million French people are affected by data theft, linked to a cyberattack which affected two third-party payment managers, Viamedis and Almerys, announced the CNIL. Particularly sensitive information, which raises fears of numerous phishing attempts in the weeks and months to come.

>> READ ALSO -

 Hacked health data: how to know if you are one of the 33 million French people affected

The stolen data will likely end up on the dark web, where it will be sold to other hacker groups. While social security numbers alone are not very valuable, it is by cross-referencing different data that hackers can perfect their scams. “A social security number, at the moment, they are not going to do anything with it. But the more data they have on a person, the more they will build the following attacks,” explains Pascal Le Digol, cybersecurity expert at WatchGuard Technologies. “If a person receives a fake email well calibrated using artificial intelligence, with precise personal data, information on their mutual insurance contract, and the presence of the social security number, this gives credibility to the false request and amplifies the rate of clicks."

Social security number, impossible to modify

The greatest risk therefore remains phishing, which consists of trapping a person to obtain personal information, such as identifiers, passwords or banking details, via links present in fake emails or SMS messages. “The more relevance the hackers have on the person, the more they will be able to develop something that is likely to work,” explains the cybersecurity expert. “All data interests hackers, the slightest identifier is sold on the dark web.”

>> READ ALSO -

 What is “vishing”, this fake banker telephone scam?

Once the identifiers have been recovered, in the case of the third-party payer for example, hackers could easily connect to the mutual insurance company and modify certain information, such as the RIB, to obtain, in place of the hacked person, their health reimbursements. “If we are able to think about it, pirates can imagine much better,” worries Pascal Le Digol.

Especially since social security number does not expire and cannot be modified. It is also used to carry out numerous administrative procedures online, such as accessing the Ameli.fr website. If a hacker obtained these identifiers, he could also use the France Connect system, which allows you to connect to the sites of a public service with the identifiers of another, such as health insurance, taxes, or even identity. digital La Poste.

Never click on a link received by email or SMS

To avoid falling into the trap of hackers, the key word remains vigilance. For the cybersecurity expert, the first thing to do is to stop clicking on links in emails. “You receive an email, which tells you to go to your account, to click on a link to go there: you do not click, ever”, insists Pascal Le Digol. "Even if the email seems to come from the organization in question, you don't click. For example, if it's taxes, go directly to the site yourself and the request will be there." A habit to also adopt for SMS.

The people affected by this data theft should quickly be contacted by third-party payment managers. In the meantime, it is recommended to pay attention to any request from your mutual insurance company or a health manager. Once again, do not click on links received by email or SMS, and more generally, never communicate personal or banking data.