Cyber Incident Victim: Uniprévoyance
Date: May 2024
Location: France
Summary
A French insurance institution experienced a cybersecurity incident involving unauthorized system access, prompting immediate activation of its business continuity plan and isolation of affected systems. The organization notified relevant authorities and partners, with IT teams and cyber experts focusing on containment, investigation, and restoration efforts. While health-related services remained fully operational, provident activities faced partial processing limitations during the disruption. Investigations confirmed no lateral movement to external partners, with system restoration projected for completion in early July to enable gradual operational normalization. Separately, compromised third-party payment processors handling client health contracts potentially exposed personal data including names and birthdates.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Uniprévoyance detected a cyberattack on May 20, 2024, at 18:30 local time. The institution immediately activated its Business Continuity Plan and isolated its information systems upon detection to contain the incident. Authorities including CNIL, ANSSI, and ACPR were notified alongside partners and clients as part of the initial response protocol. The IT department, supported by external cyber crisis specialists, prioritized investigating the attack's scope while working to restore affected systems. Operational impacts were asymmetrical across business lines: Health insurance services remained fully functional without disruption, while Provident insurance operations experienced partial processing limitations. Management emphasized efforts to maintain client and partner service continuity despite these constraints, though some Provident claim handling required manual workarounds during system isolation.

By the publication date of the notice (also May 20, 2024), Uniprévoyance confirmed completion of both the isolation and forensic investigation phases. No lateral movement or propagation to partner networks was identified during these stages. System restoration efforts were projected to conclude in early July 2024, with operations resuming incrementally rather than through an immediate full recovery. Separately, the institution disclosed a related compromise involving third-party payment processors used by certain health contract delegates, where attackers potentially exfiltrated personal data including names, first names, and dates of birth. This ancillary breach did not originate from Uniprévoyance's core systems but affected delegated administrators relying on the compromised processors. The organization established a dedicated email contact ([email protected]) for additional inquiries regarding the incident while continuing restoration work on its isolated infrastructure.
