Justice is trying to limit the damage.
The Paris court on Thursday ordered the four French Internet service providers to immediately block a site that hosted a file containing sensitive data on nearly 500,000 people in France, after a major leak that affected laboratories of medical analysis.
Seized in summary proceedings by the Commission informatique et libertés (Cnil), the court ordered the operators Orange, SFR, Bouygues Telecom and Free to implement this blocking without delay and for a period limited to 18 months.
The free file hosting service targeted by the block had registered its domain name in July 2020 with an extension corresponding to the island of Guernsey.
It is distributed by the American content accelerator Cloudflare, "which left Cnil's requests unanswered".
The army and intelligence affected by the leak
The committee noted that a direct link to the contested file hosted on this service was made freely available on a discussion forum.
The precise address of the file could not be effectively targeted, the blocking of the service was finally retained by the courts.
"Putting this file online, containing a great deal of data relating to the identity and health of nearly 500,000 people, constitutes a serious and immediate violation of the rights of the persons concerned, in particular the right to respect for life. private ”, considered the court.
This Thursday, the specialized site Intelligence Online affirms that the French army, including the foreign intelligence services, were concerned by the recent hacking of the contact details of nearly 500,000 people including contact details and sensitive medical data.
“The database contains, according to our records, the same data from at least 1,767 soldiers.
The latter are identifiable by their affiliation to the National Military Social Security Fund of Toulon ", assures the site, which specifies that" A thousand of them are located in Evreux, of which more than 230 are explicitly attached to the air base 105 ( ...).
The latter houses three squadrons, including the GAM-56 (Mixed Air Group 56 Vaucluse), the air unit of the action service of the DGSE ”, the General Directorate for External Security.
The publisher of software for healthcare establishments Dedalus France said for its part to have identified among its customers 28 laboratories affected by this leak of medical data, revealed by the media earlier in the week.
These laboratories were located in 6 departments in the Brittany, Center-Val-de-Loire and Normandy regions.
A file comprising 491,840 names, associated with contact details (postal address, telephone, email) and a social security registration number circulated freely on at least one forum referenced by search engines.
These names were sometimes accompanied by indications on the blood group, the attending physician or the mutual, or comments on the state of health (including a possible pregnancy), drug treatments or pathologies (in particular HIV).
Since then, piracy has been investigated by the National Information Systems Security Agency (Anssi), the Ministry of Solidarity and Health, in conjunction with the Cnil and the software publisher, and a judicial investigation entrusted to the cybercrime section of the Paris prosecutor's office.