Identities of 12 million people in France potentially leaked in cyberattack: how to protect yourself

Data is for sale and can be used by scammers for ‘phishing’ fraud

Steps can be taken to minimise the risk of hackers gaining access to your accounts
Published

The personal data of millions of people living in France has likely been stolen after a widespread cybersecurity attack, and is being sold online to other scammers through the dark web. 

The data – including full name, email and home addresses, phone numbers, marital status, and even nearest postal centre of the victim – is on sale for the equivalent of €10,000 in cryptocurrency. 

An anonymous hacker who is selling the data has been proving its authenticity by releasing the data of an estimated 100,000 individuals for free.

It is currently unknown how it was acquired, but some believe it was via a security breach of a public service organisation run by the government, or an insurance provider. 

The hacker – known by the pseudonym Angel Batista in reference to the Dexter novels – is well-known and has been linked to previous leaks. 

If the leak is confirmed those compromised face a heightened risk of identity theft, targeted attacks through phishing scams and other fraudulent actions, and the data being sold to other scammers multiple times.

It is the latest in a series of high profile data leaks.

Read more: Data of more than 200,000 Chronopost clients in France stolen: what to do if affected

Read more: 20 million Free clients subject to data leak: what victims should do

What can you do to stay safe? 

There are a number of preventative measures you can take to stay safe and minimise the risk of being affected by a data leak.

Standard practices include using heightened security measures on your phone and personal devices, such as two-factor authentication and unique passwords. 

In the case of the former, requiring two steps to log on (i.e. entering a password on your computer and then a code received via a text) will limit access to those who have obtained data. 

Using biometric authentication including fingerprint or face scans on your smartphone for certain interactions – such as bank transfers and unlocking sensitive applications – can be useful.

Secondly, keeping passwords complex and varied is important. Having a simple password (such as your birthday) and using it to access everything – email, your bank login, work account, etc – increases the risk of compromise. 

Once a hacker gains access to one area, if you have the same password they can gain access to multiple areas. 

Do not enter personal data – especially bank information – on websites if you have any concerns. 

Regularly monitor your bank account to check no fraudulent payments have been made. 

The sooner you recognise fraudulent activity the quicker you can inform your bank and increase the chance of it being cancelled.

Read more: When must a bank reimburse a customer scam victim in France?

Protect against bank fraud 

Obtaining personal data often leads to scammers impersonating someone in an attemptto gain more intimate data (such as passwords). 

This can be done through email – for example sending a fraudulent email pretending to be collecting payment for a speeding fine – or often via a phone call, with scammers impersonating your bank. 

They call claiming your bank account has been compromised and they are helping you to change the password, however they are looking to access your account to take the money themselves. 

Remember, your bank will never call you to ask for information it already has. 

If in doubt about whether a call is from your bank, hang up and call your bank independently. If the call from your bank was legitimate they will be able to continue discussing the issue. Note it is preferable to use a different phone (mobile / landline) to ensure that the original caller is not still on the line.

Read more: Five tips on how to avoid credit card fraud in France