Cyber Incident Victim: Emoa Mutuelle du Var

In March 2022, confidential data belonging to policyholders of French insurance provider Emoa Mutuelle du Var was disclosed online, prompting the organization to notify affected subscribers. The company stated its technical teams urgently implemented security measures to address the breach and reinforce system protections following discovery of the malicious act. However, a significantly larger second breach occurred in April 2022, exposing personal information of over 80,000 policyholders. The organization remained unaware of this subsequent incident until informed by newspaper Libération, which discovered the data circulating on cybercriminal platforms. The compromised data included names, surnames, postal codes, birthdates, and email addresses, with more sensitive records such as Social Security numbers, banking coordinates, and passport photocopies exposed for some victims.

The exposed information appeared for sale on illicit platforms, substantially increasing risks of scams, phishing attempts, and identity theft for affected individuals. Administrative complications arising from potential identity fraud represented a significant secondary consequence for victims. Despite Emoa's previous security enhancements following the March incident, the April breach demonstrated persistent vulnerabilities in their systems. No evidence suggested the organization detected the second breach independently prior to media notification. The cumulative breaches exposed systemic security challenges at the insurer, with sensitive customer data compromised across two separate incidents within approximately one month.