Skip to content
Data breachContained

Leak at Direct Assurance

In November 2024, French online insurer Direct Assurance was breached via a compromised employee account, exposing personal data of roughly 15,000 clients and prospects — including the IBAN/RIB banking details of about 5,800 of them — later offered for sale online.

Victim
Direct Assurance
records
15.0K

On 19 November 2024, Direct Assurance — the online auto and home insurance arm of AXA in France — was reported to have suffered a data breach after an attacker compromised the credentials of one of its employees. The intrusion was traced to 14 November 2024, and the stolen records were subsequently advertised for sale on a hacking forum by an actor going by "near2tlg".

The attacker claimed to have exfiltrated the personal data of 6,137 clients and 9,517 prospects — roughly 15,000 people in total — with the banking details (IBAN/RIB) of about 5,800 of them included. The dataset was offered to a limited number of buyers in JSON format.

Exposed data categories included:

  • Full names
  • Email addresses
  • Phone numbers
  • Banking details (IBAN/RIB) — for clients only

The breach exposes affected individuals to a heightened risk of phishing, banking fraud, and identity theft. The same actor was linked to a series of other 2024 attacks against French targets, including SFR, the news outlet Le Point, and healthcare data. Direct Assurance moved to revoke the compromised access; the incident appears contained, though full details of the company's response were not publicly confirmed at the time of reporting.

Sources

  1. zataz.comhttps://www.zataz.com/cyberattaque-sur-direct-assurance-un-pirate-parle-de-milliers-de-clients-et-prospects-exposes/
  2. usine-digitale.frhttps://www.usine-digitale.fr/article/25-11-2024-les-donnees-personnelles-de-15-000-clients-de-direct-assurance-volees-par-un-hacker.N2222992

Related incidents

Supply chainContained

Leak at Direct Assurance

In March 2025, French direct insurer Direct Assurance (an AXA subsidiary) suffered a breach via its partner Run Assurance: attackers exploited a flaw in the data exchanges between the two firms to access customer personal data, raising identity-theft and phishing risks.

Victim
Direct Assurance
Data breachContained

Leak at Banque de France

On 23 November 2024, the threat actor Near2tlg advertised data allegedly stolen from France's central bank; the Banque de France denied any compromise of its secure systems, acknowledging only brief unauthorized access to an HR extranet with no sensitive data exposed.

Victim
Banque de France
Data breachContained

Leak at Meilleurtaux

In late September 2024, French credit and insurance broker Meilleurtaux disclosed that an external attack on its IT systems had exposed sensitive personal data of customers, including names, contact details, dates of birth, family situation, income and employment status.

Victim
Meilleurtaux
Data breachUnknown

23,685 records: claimed leak at ATOA

A threat actor put a database from ATOA — a French real-estate tokenization and fractional-investment fintech — up for sale on a dark web forum, exposing roughly 23,685 user and financial records plus 326 full KYC archives containing passports, ID cards and banking details.

Victim
ATOA
Records
23.7K