Leak at Direct Assurance
In March 2025, French direct insurer Direct Assurance (an AXA subsidiary) suffered a breach via its partner Run Assurance: attackers exploited a flaw in the data exchanges between the two firms to access customer personal data, raising identity-theft and phishing risks.
- Victim
- Direct Assurance
On 18 March 2025, Direct Assurance — the online direct-insurance subsidiary of the AXA group — was hit by a data leak originating not from its own systems but from one of its commercial partners, Run Assurance. Attackers exploited a flaw in the data exchanges between the two companies to reach customer information, making this a third-party/supply-chain incident rather than a direct intrusion into Direct Assurance's infrastructure.
The data exposed in this March 2025 event was reported to be personal customer information; unlike the separate November 2024 breach claimed by the Near2tlg collective, banking details (IBAN/RIB) were not reported as compromised here. The leaked personal data nonetheless exposes affected individuals to a heightened risk of identity theft and of targeted phishing — in particular fraudulent calls from people posing as insurance agents to extract further sensitive information.
Exposed data categories reported for this incident:
- Customer names and contact details (personal identifying information)
- Other policy/customer-record fields handled in the Direct Assurance–Run Assurance data flow
The exact number of customers affected by this specific March 2025 incident was not disclosed in public reporting. This breach is distinct from the November 2024 Direct Assurance compromise (roughly 15,000 customers and prospects, with IBAN/RIB stolen) attributed to the Near2tlg group; the two should not be conflated.
Sources
- idprotect.frhttps://idprotect.fr/direct-assurance-une-cible-recurrente-des-cybercriminels-comment-proteger-votre-identite/
- solutions-numeriques.comhttps://www.solutions-numeriques.com/direct-assurance-victime-dune-fuite-de-donnees-rib-et-ibandans-la-nature/