At the end of February 2025, Harvest, a French company specializing in the creation of software for wealth management and financial services, suffered a cyberattack. The offensive forced the firm to suspend part of its services, including tools widely used by the French financial world. Many private banks, insurers, and wealth management advisors found themselves in a bind. A few weeks later, it turned out that the hackers behind the attack had managed to seize some of Harvest's customer data. MAIF and the Banque Populaire-Caisse d'Epargne (BPCE) group were affected by the data leak.
A gang claims responsibility for the cyberattack
This Thursday, April 10, 2025, the cyberattack was publicly claimed by Run Some Wares, a gang of hackers specializing in ransomware. On their official website, the cybercriminals indicate, with screenshots to support their claim, that they negotiated The ransom payment with Harvest in recent weeks has been confirmed. The French company is seen to be in talks with the gang. In a response to 01net, Harvest states that "in accordance with the French government's anti-money laundering and anti-crime guidelines, the company has in no way complied with the cybercriminals' demands."
The exchanges eventually fizzled out. In retaliation, the Run Some Wares hackers followed through with their threats. They have posted a tree structure of all the data in their possession, reports researcher Clément Domingo on his X account. It reveals "thousands of sensitive information of all kinds". These are only excerpts of the data. The hackers have not communicated everything they compromised.
More than 5,000 French companies compromised
Apparently, "at least 5,000 companies" were affected by the data theft. According to Clément Domingo, "it's a majority of companies - consulting firms - wealth managers - funds - who operate in the world of fintech, finance and wealth in France». Interviewed by le Figaro, Pascale Gloser, president of CNCEF Patrimoine, an organization that brings together wealth management advisors (CGP), states that «almost the entire profession uses their services» and are therefore affected by the aftermath of the cyberattack.
The insurer Maif emphasizes that the The personal data of more than 50,000 of its customers has been compromised, including their civil status, marital status, and employment status. For its part, Harvest claims that no data leak involved the software it sells to players in the banking sector. In fact, the data leak only involved elements extracted from its "internal directory" of information.
In a recent speech, Sonia Fendler, Deputy CEO of the Harvest group, estimated that the cyberattack "is not an isolated case" and that "everyone is exposed to this type of threat."
0 Comments