Harvest, a French company specializing in the creation of software for wealth management and financial services, was the victim of a cyberattack. As reported by our colleagues at Le Figaro, ransomware attacked a Harvest server hosted by one of its service providers on February 28, 2025. The company notified its clients and the relevant authorities, including the CNIL (National Commission for Information Technology and Civil Liberties).
"A snowball effect"
As a precaution, the firm blocked access to all its software while the investigation was conducted. However, the tools offered by Harvest are widely used by the finance and wealth management professions in France. According to the media, software like O2S, Big, and Fidnet are used daily by 80% of wealth management advisors, asset managers, insurers, and private banks in France.
These tools are essential for consolidating clients' financial data and developing investment portfolios. Deprived of its usual tools, the entire French financial sector is unable to access its clients' data.
Some insurers "are afraid of a snowball effect and contagion to their servers," explains Benjamin Deneux, deputy CEO of Théseis, a French group specializing in wealth management. In response, insurers have preferred to close their servers until the danger has passed. Cardif, a subsidiary of BNP Paribas, has closed its external network dedicated to exchanges with its partners. For its part, the French mutual insurance group MMA is asking its distributors to communicate exclusively by post.
A gradual return to normal
Furthermore, users of Harvest tools are concerned that cybercriminals may have managed to exfiltrate sensitive data during the attack. The software contains identity documents and bank account details. With this data, hackers can impersonate the people concerned or orchestrate convincing phishing attacks. Harvest specifies that its investigation has not revealed any leaks of personal data for the moment.
While the financial world is still in the dark, Harvest plans to gradually restart all of its infrastructure, starting with the Fifty software, which was disabled as a precaution in the wake of the attack. The software was restarted at the end of last weekend. Before relaunching all of its products, the French firm is awaiting approval from its cybersecurity partners. They are combing through all of the company's servers in search of any malware left behind by hackers.
A fragile sector
This case highlights the "predominance" of certain digital solutions in the financial sector, "a factor of fragility for the sector", explains a manager of a wealth management advisors association. Too many companies rely entirely on the same tools. When these are out of service, an entire sector comes to a standstill.
A studyby the French Information Security Agency reveals that notaries, lawyers, insurance companies, and banks remain the main targets of cyberattacks in France. By attacking these targets, hackers are seeking to misappropriate funds and steal sensitive data. Half of the attacks recorded involved ransomware. As Arié Attias, Property and Casualty Insurance Account Manager at the Exponens group, explains, all companies in France must be prepared in the event of cyberattacks:
Source: Le Figaro
0 Comments