After the third-party payment specialists Almerys and Viamedis, it is now the turn of the Caisse des Allocations Familiales (CAF) to be the victim of cyberhackers.
The hackers of the LulzSec group, who distinguished themselves in 2011 with various attacks targeting in particular the Japanese giant Sony and the CIA, this time claimed the theft of data from 600,000 accounts originating from the organization, as spotted the Actu.fr site.
To discover
PODCAST - Listen to the latest episode of our Tech Questions series
As proof, screenshots revealing the information of four accounts were distributed on Twitter and Telegram, followed by a blurred listing of supposedly thousands of others.
The information collected by the group contains in particular the name of the insured, their family information as well as the amount and date of payment of benefits.
“But no access to bank details (RIB) is possible
,” assures Le Figaro the National Family Allowance Fund (CNAF).
The four beneficiaries in question, whose data was compromised, were identified and notified by the CAF.
Access to the data of the 600,000 other accounts has not yet been verified and
“investigations are underway”,
specifies the organization.
No intrusion detected
CAF indicates that access to these four accounts was done
"without forcing the site's system, by providing passwords probably obtained elsewhere by the authors"
.
The hackers would therefore not have
“hacked”
the organization's systems, but simply got their hands on the passwords of the four accounts whose information was disseminated, in particular by exploiting other data leaks.
The site was closed for a few hours during the night of February 12 to 13 then reopened, but CAF assures that it has not detected any fault in its systems.
The teams are mobilized to monitor connection spaces.
A complaint was filed and a report to the CNIL was made.
If in doubt and before knowing the exact extent of the attack, it is recommended to change your password on the site.