Skip to content
Supply chainContained

Leak at Direct Assurance

In March 2025, French direct insurer Direct Assurance (an AXA subsidiary) suffered a breach via its partner Run Assurance: attackers exploited a flaw in the data exchanges between the two firms to access customer personal data, raising identity-theft and phishing risks.

Victim
Direct Assurance

On 18 March 2025, Direct Assurance — the online direct-insurance subsidiary of the AXA group — was hit by a data leak originating not from its own systems but from one of its commercial partners, Run Assurance. Attackers exploited a flaw in the data exchanges between the two companies to reach customer information, making this a third-party/supply-chain incident rather than a direct intrusion into Direct Assurance's infrastructure.

The data exposed in this March 2025 event was reported to be personal customer information; unlike the separate November 2024 breach claimed by the Near2tlg collective, banking details (IBAN/RIB) were not reported as compromised here. The leaked personal data nonetheless exposes affected individuals to a heightened risk of identity theft and of targeted phishing — in particular fraudulent calls from people posing as insurance agents to extract further sensitive information.

Exposed data categories reported for this incident:

  • Customer names and contact details (personal identifying information)
  • Other policy/customer-record fields handled in the Direct Assurance–Run Assurance data flow

The exact number of customers affected by this specific March 2025 incident was not disclosed in public reporting. This breach is distinct from the November 2024 Direct Assurance compromise (roughly 15,000 customers and prospects, with IBAN/RIB stolen) attributed to the Near2tlg group; the two should not be conflated.

Sources

  1. idprotect.frhttps://idprotect.fr/direct-assurance-une-cible-recurrente-des-cybercriminels-comment-proteger-votre-identite/
  2. solutions-numeriques.comhttps://www.solutions-numeriques.com/direct-assurance-victime-dune-fuite-de-donnees-rib-et-ibandans-la-nature/

Related incidents

Supply chainContained

Leak at AG2R la Mondiale (via Itelis)

Disclosed in November 2025, a cyberattack on Itelis — the optical-care third-party network used by insurer AG2R la Mondiale — exposed beneficiaries' names, dates of birth, social security numbers, reimbursement records and vision-correction data for optical coverage handled between 2020 and early 2022.

Victim
AG2R la Mondiale
Supply chainContained

Leak at La Nef

In September 2025, French ethical cooperative bank La Nef notified shareholders that their email addresses were exposed after a cyberattack on third-party voting provider SLIB; only email addresses were affected, with no banking data, IDs or passwords compromised.

Victim
La Nef
Supply chainContained

Leak at MAIF & BPCE

A ransomware attack on French wealth-management software vendor Harvest (Run Some Wares group, detected 27 Feb 2025) exposed personal and financial data of customers of insurer MAIF and banking group BPCE (Banque Populaire / Caisse d'Épargne) in a supply-chain breach.

Victim
MAIF & BPCE