Nearly one in two French people had their data stolen in a massive cyber security breach at two health insurance companies.

More than 33 million people in France – almost half its population – have been affected by the country’s largest ever cyberattack.

Two French service providers for medical insurance companies were targeted, with the companies admitting that the data of millions of people was exposed to hackers.

“This is the first time that there has been a breach on such a large scale,” Yann Padova, a lawyer specializing in digital data protection and former secretary general of the French data protection authority (CNIL), told the French broadcaster. franceinfo on Thursday.

According to Padova, this is “the largest security breach in France”.

This is what we know about the attacks and what data was stolen.

What happened?

Two companies – Viamedis and Almerys – are service providers for medical insurance companies. They were the victims of a cyber attack that occurred over a span of five days in early February.

According to the first provider, Viamedis, hackers phished and used the logins of healthcare professionals to get into the system.

Almeriz said the hackers did not break into its central system, but instead accessed a portal used by health professionals.

Both providers have filed complaints with the public prosecutor and an investigation is underway.

What data was stolen?

More than 33 million people – just under half of the French population – were affected by the data leak, which included details such as “marital status, date of birth and social security number, the name of the health insurer and the cover provided by the policy”. The number of individuals affected according to the French data protection authority (CNIL).

The CNIL assures that “no bank details, medical data, postal addresses, telephone numbers or e-mails are involved”.

what are the consequences?

“Tiers Payant”, a payment system in which the patient does not have to pay the full cost of medical services in advance, may be unavailable to some health professionals but is still available to patients.

CNIL warned users of phishing risks, especially as the new leaked data could be combined with other information from previous data breaches.

Users should be especially careful to double-check the authenticity of emails, texts and calls claiming to be from official organizations.

Those whose data has been compromised will be contacted individually by their health insurance to notify them in order to comply with GDPR guidelines.

