[BreachExchange] Mass personal data theft from Paris Covid tests: hospitals

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Thu Sep 16 08:35:37 EDT 2021


https://techxplore.com/news/2021-09-mass-personal-theft-paris-covid.html

Hackers stole the personal data of around 1.4 million people who took
COVID-19 tests in the Paris region in the middle of 2020, hospital
officials in the French capital disclosed on Wednesday.

Hospital officials said they filed a complaint with the Paris prosecutor's
office on Wednesday after confirming on September 12 that such a cyber
attack took place over the summer.

Stolen were the identities, social security numbers and contact details of
people tested as well as the identities and contact details of health
professionals who dealt with them, along with the test results, the
hospital organisation said.

But no other health information was stolen, they said.

In all, "the stolen files concern 1.4 million people, almost exclusively
for tests taken in the middle of 2020" in the Paris region, the hospitals
organisation said in a statement.

Those affected "will be notified individually in the coming days", they
said.

The facts of the case were also reported to France's data watchdog, the
CNIL, and the French National Agency for the Security of Information
Systems (ANSSI).

The CNIL said it had "opened an investigation into this violation".

The hackers did not target the national testing files but rather a "secure
service for sharing files", which were used in September 2020 to transmit
information "useful for contact tracing" to various health authorities.

The ministry of health also told AFP it has decided to file a complaint so
that "all light is brought to bear on the leak, its consequences, and all
the measures needed are taken to prevent a repeat of such an event".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210916/14a7981d/attachment.html>


More information about the BreachExchange mailing list