Faced with the enormous risks posed by the theft of personal data of Free subscribers, the authorities are opening an investigation while inviting victims to file a complaint via an online form.
This is a serious time for Free subscribers. As we have already reported at length (see our article), the operator admitted a few days ago to having suffered an unprecedented cyberattack during which customers’ personal data was stolen. Particularly sensitive information since it includes name, first name, email address, postal address, telephone number, subscriber identifier, and, for some, IBAN, in other words bank details. As required by law, Free notified affected customers by email – more than 19 million in total! – ensuring that you have taken “all necessary measures immediately to put an end to this attack” and have “strengthened the protection of its information systems”.
A great deal! Except that the damage is done. And the worst is undoubtedly to come for customers whose data has been stolen, to the extent that the hacker behind the attack claims to have found a buyer for the file he had put up for sale. Because contrary to what the operator asserts in its communication which is intended to be reassuring, by asserting that “a simple IBAN is not enough to make a withdrawal from a bank”all experts in the field agree that the combination of all the information now in the hands of malicious people opens the way to numerous scams ranging from fraudulent collection to identity theft.
The matter is so serious that the authorities have just taken charge of it. On Wednesday October 30, the National Commission for Information Technology and Liberties (CNIL) announced that an investigation entrusted to the brigade to fight against cybercrime (BL2C) of the Paris police headquarters had just been opened to shed light on this massive cyberattack. In an alert message published on its sitethe commission indicates to subscribers affected by this data theft the measures to take in this situation, giving practical advice. Above all, she reminds that victims can file a complaint directly from herif they believe that their personal information has not been sufficiently protected and that Free’s security measures seem insufficient to them, or contact the police or gendarmerie, if they are victims of fraudulent payments, identity theft following this data leak.
Free Piracy: an online complaint on Cybermalveillance
Better yet, in order to facilitate the processing of the numerous files which should be opened in the context of this affair, Free subscribers will be able to file a complaint directly online, via an online form which should be available on the site Cybercrime from this Thursday, October 31, and therefore without having to go to a gendarmerie or police station. These centralized depositions will thus feed into the BL2C investigation.
The reaction of these authorities proves, if necessary, the extreme seriousness of the situation, which some try to minimize. but they are not enough. If you are one of the Free customers concerned, it is in your best interest to contact your bank as quickly as possible to inform it of the risks of fraudulent use of your data, in particular the IBAN which, associated with other data, allows to set up fraudulent direct debits. Above all, monitor your accounts very regularly, at least once a day to react very quickly in the event of an unauthorized transaction. And check and clean the list of organizations authorized to make direct debits in your customer area to be sure that no scammers slip through.
Free’s excuses are not enough: you will have to be extra vigilant in the times to come by being more suspicious than usual of any request by email, SMS or even telephone – the fake bank advisor scam is not not an urban legend! – by changing your passwords and implementing double authentication whenever possible. And, given the relative carelessness that Free seems to show in this affair of unprecedented magnitude, we invite you to file a complaint in order to speed up the investigation and the sanctions that could result from it.