Cyber Incident Victim: Emoa Mutuelle du Var
Date:
Mar 2022
Location:
France
Summary
A French health insurer experienced two significant data breaches affecting over 80,000 members, with the second incident exposing substantially more sensitive information than the initial compromise. Personal details including names, birthdates, postal codes, email addresses, and in some cases Social Security numbers, banking coordinates, and passport copies were leaked onto cybercriminal platforms. The organization was unaware of the larger breach until notified by external parties, despite having implemented security enhancements following the first incident. The exposed data creates risks of phishing attempts, financial fraud, and identity theft for affected individuals.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In March 2022, confidential data belonging to clients of French health insurer Emoa Mutuelle du Var was disclosed online, marking the initial breach in this incident. The compromised information included sensitive personal details, prompting the organization to notify affected subscribers. Emoa stated its technical teams urgently implemented security measures to address the situation and strengthen system protections following the discovery of this malicious act. However, a significantly larger breach occurred in April 2022, exposing far more extensive data than the March incident. The insurer remained unaware of this subsequent breach until informed by journalists from Libération, who discovered the data circulating on cybercriminal platforms. This second exposure involved personal information from over 80,000 policyholders, substantially expanding the scope beyond the initial breach.
The April breach exposed highly sensitive identifiers including full names, postal codes, birthdates, and email addresses. For some victims, the leaked data extended to national Social Security numbers, banking coordinates, and scanned passport copies. This comprehensive dataset appeared for sale on illicit online platforms, creating substantial fraud risks for affected individuals. The exposure left victims vulnerable to phishing schemes, financial scams, and potential identity theft, which could lead to complex administrative challenges for those impacted. Despite Emoa's previous assurances about enhanced security measures following the March breach, the recurrence demonstrated persistent vulnerabilities. The company's delayed awareness of the April breach—dependent on external media notification rather than internal detection systems—highlighted ongoing gaps in their incident response capabilities.