Banque Populaire, Savings Fund and MAIF alert their customers with a data leak following hacking. Phishing companions and identity theft attempts are to be feared.
The piracy wave continues to surge on French organizations and companies, and it does not seem to want to stop! Each week, we learn a new data leak. Last February, the French company Harvest, which provides software solutions to almost 80 % of wealth management advisers and French private banks, was the victim of ransomware. As a security measure, she had decided to block access to all her products, temporarily penalizing all her customers and completely paralyzing the world of French finance.
But we only start to see the consequences of this cyber attack. As reported The Parisianit turns out that the data from some of Harvest customers have been compromised. Indeed, the MAIF and the Banque Populaire-Caisse d’Alivé (BPCE) were affected by a data leak. Pirates have gone through one of Harvest’s software to exfiltrate customer information. The latter find themselves strongly exposed to increased risks of targeted phishing campaigns (phishing) and identity theft.
Harvest hacking: Banking and compromised insurance data
MAIF and BPCE recently warned all those affected. On the side of the Maif, the data of“Part of the customers and prospects of MAIF financial solutions”a subsidiary of the group, have been stolen. It is their civil status and their matrimonial and professional situation. On the other hand, passwords, identity documents and RIBs were not compromised. As for the BPCE group, only the information relating to a small group of customers has been compromised, namely their identity, the unique identifier of securities accounts and the total amount of assets held on these accounts.
Following data leaks, the victims are likely to be the target of phishing and identity theft. Using stolen information, hackers can indeed design convincing and personalized scams. It can, for example, be an email usurping the identity of their completely credible bank, or a good old scam with false banking advisor. The crooks could even use this cyber attack to justify exchanges of bank information on the phone or by email.
Also, it is important to avoid sharing any personal information (telephone, e-mail, identity documents, RIB, IBAN, proof of domicile …) by SMS or by vocal call, especially when the identity of the interlocutor has not been verified. Even if the interlocutor provides personal information to prove who it is, it is necessary to check the legitimacy of the request independently by calling the public and official telephone number to attach the organization or the company in question, or by going directly to its site or its official application, without clicking on the link. We are never too careful!