Almerys, a prominent French healthcare payment service provider, has succumbed to a severe data breach, affecting a staggering 33 million people. While the company is yet to release an official statement, France’s data protection authority (CNIL) has confirmed the cybersecurity incident. The compromised data includes sensitive information such as names, dates of birth, and social security numbers, presenting potential risks of phishing scams, identity theft, and other cybersecurity threats for the affected individuals.
Although the breach does not involve financial information, CNIL emphasizes the need for caution, as the exposed data might be used in conjunction with other information from previous breaches. To safeguard the impacted individuals, CNIL asserts that Almerys will be required to inform them directly and individually, adhering to the stipulations of the General Data Protection Regulation (GDPR). As part of its response, CNIL has initiated an investigation to scrutinize the security measures in place at Almerys and assess compliance with GDPR obligations.
