Direct Assurance, a subsidiary of the Axa insurance group, has been the victim of a significant cyberattack that has compromised the personal data of 15,000 of its customers. The breach, which occurred due to a hacking incident at one of Direct Assurance’s suppliers, resulted in the theft of sensitive customer information, including names, dates of birth, addresses, email addresses, phone numbers, and IBANs. This attack impacts approximately 1% of the company’s total customer base, raising concerns over the potential misuse of this data.
While the breach was attributed to a third-party supplier, the exposure of IBANs in particular is of major concern. This sensitive information can be exploited by fraudsters to initiate illegitimate direct debit orders or even impersonate account holders in subscription services. In response to the incident, Direct Assurance has taken immediate action by informing the affected customers, offering apologies, and providing advice on how to prevent further damage. The company has assured its customers that they are available for any support needed.
As required by French data protection laws, the National Commission for Information Technology and Civil Liberties (CNIL) has been alerted to the breach. The CNIL has published guidance on protecting IBANs in the wake of such leaks, noting that these identifiers can sometimes be used to bypass security and commit fraud. However, despite the severity of the breach, no formal complaints have been filed so far, and Direct Assurance is actively working to mitigate the risks posed by the attack.
The breach highlights the ongoing vulnerabilities within the supply chain and the potential risks posed by third-party vendors, which often have access to critical company data. As data breaches become more prevalent, the incident underscores the importance of robust cybersecurity measures, particularly in protecting sensitive customer information. Direct Assurance has vowed to strengthen its security protocols moving forward to prevent similar incidents in the future.
Reference:
