Massive data leak: you have received an email from Health Insurance, here is what you should do

After the data leak of 510,000 insured persons, at the beginning of March, the Health Insurance began to warn the victims of the data theft suffered by the organization.

A massive data leak. On March 17, Health Insurance communicated on the hacking of several Amelipro accounts. Thereby, surname, first name, date of birth, gender, social security number and “rights” information (namely according to the administration “declaration of a attending physician, allocation of complementary health insurance or state medical aid, possible 100% coverage”) are currently in the hands of cyber-criminals.

510 policyholders concerned

These are exactly 510,000 policyholders affected by this massive leak. Ameli specifies that the contact and bank details would not have been affected by the leak. The victims of this hack began to be contacted by the health organization.

Requested by RTLHealth Insurance confirms this information and also specifies that the first emails went out on Thursday March 24 to the victims. Some patients will be notified by mail starting this week.

The consequences can be significant since the compromised data includes the Number from security social in addition to identity and contact information patients.

The loss of the social security number exposes the victims of the data breach to one day being the subject of a identity theft. Especially since this number gives access to a multitude of online services via the FranceConnect platform, which centralizes more than 700 civil procedures such as taxes, the family allowance fund or the Health Insurance site, recalls RTL

What attitude to adopt?

If you receive an email, an SMS or a phone call, be sure to cross-check the information directly with the organization concerned, by calling the official number or by connecting yourself to the official site.

Never provide personal informationpassword or numeric code in the body of an email, in response to an SMS or on the phone without having verified the identity of your interlocutor.

It is as important as you secure access to your social security account.

Set a strong and unique password mixing numbers, capital letters and symbols.

What can be the remedies?

You can first get advice on the official CyberMalveillance victim assistance platform and then file a complaint with a police station or gendarmerie.

In a second step, the victims will be able to take legal action to claim compensation from the data controller. Before, it is imperative to demonstrate a fault on his part. A group action may also be initiated through an association or by seizing a lawyer representing several victims.

Authorities are also likely to offer an online pre-complaint form, details RTL.

A notification of the hack was sent to the CNIL on March 16, 2022, in accordance with the legislation in force in the field. A “criminal” complaint has been filed, provides health insurance.

Leave a Comment