Last month, the French company Harvest was the victim of a cyberattack. The hack of the firm, which specializes in creating software for wealth management and financial services, paralyzed the French financial world. Private banks, insurers, and wealth management advisors found themselves unable to operate normally. Harvest develops a series of software programs widely used by these firms. Following the attack, the company decided to block access to all its products as a security measure, temporarily penalizing all its clients.
A few weeks after the attack, orchestrated by ransomware, it turns out that the data of some of Harvest's clients has been compromised. As reported by our colleagues at Le Parisien, MAIF and the Banque Populaire-Caisse d’Épargne (BPCE) group have been affected by a data leak, a direct result of the intrusion at Harvest. Hackers used one of the group's software programs to exfiltrate information on the two banks' customers. What data was stolen? MAIF and BPCE recently notified all affected individuals. MAIF states that the data of "some of the customers and prospects of MAIF Solutions Financières," a subsidiary of the MAIF group specializing in wealth management advice and the distribution of financial and real estate products, has been compromised. Among the data collected by the cybercriminals are civil status, marital status, and professional status. Good news, "no password, ID, or bank details" were stolen.
The BPCE group explains that only information relating to a small group of customers was compromised, including the unique identifier of securities accounts (used to manage investments) and the total amount of assets held in these accounts.
In the hackers' sights
Nevertheless, all those affected find themselves in the crosshairs of cybercriminals. MAIF recommends that victims protect themselves against phishing and identity theft. By using data, hackers can design convincing and personalized scams. The data can be used to write a credible phishing email or text message, which risks alleviating the targets' suspicions.
Interviewed by Le Parisien, Jérôme Notin, CEO of Cybermalveillance.gouv.fr, points out the risks of fake bank advisor scams. In this scenario, hackers "will pretend to be their banker or insurer, tell them that there are fraudulent transactions on their account, that they need to change their passwords, and make transfers to secure accounts." Fake bank advisors are one of the main tactics used by hackers to trap internet users, alongside deepfakes and parcel delivery scams.
In this case, victims are all the more likely to fall into the trap if their bank has warned them of a data leak. Scammers could use the warning to justify exchanging information over the phone or by email. If you have the slightest doubt, it's important to refuse to share your data. Jérôme Notin advises hanging up and calling your bank directly to confirm what the advisor said, or to warn them of a scam. If "it's an email, don't click on any links and go directly to your bank's portal via the app or website.".
The Scourge of Data Leaks in France
This new leak comes at a particular time in France. Indeed, many French companies have suffered an intrusion over the past two years, and things continue to get worse. Since the beginning of the year, several brands have suffered a cyberattack. The CNIL received 5,919 data breach notifications last year, or 16 breaches per day, up 29% compared to 2023. The private information of many French people is floating around criminal markets.
Source: Le Parisien
0 Comments