Skip to content
Data breachContained

Leak at Itelis

In November 2025, Itelis — a French optical health-care network linked to AXA — disclosed a breach exposing roughly 1.6 million beneficiaries' identity and optical-reimbursement data, including names, dates of birth and social security numbers.

Victim
Itelis

On 25 November 2025, Itelis — a French health-care network platform that connects opticians with insurers (notably AXA) to manage optical-care coverage — publicly disclosed a cyberattack that exposed the personal data of beneficiaries enrolled in its reimbursement programmes.

The intrusion was carried out around mid-November 2025 (the platform was taken offline after an incident on 12 November) and did not rely on malware or a classic backdoor. Instead, attackers reportedly used identity usurpation to gain access to the system, then exfiltrated personal data tied to optical care provided between 2020 and the first quarter of 2022. Roughly 1.6 million beneficiaries are believed to be affected; the higher "5 million" figure circulated in early reports referred to raw records rather than confirmed individuals.

The exposed data covered identity and health-administrative fields:

  • First and last name
  • Date of birth
  • Social security number (NIR)
  • File/dossier number
  • Optical correction data and reimbursement details
  • Potentially phone numbers

Banking details, postal and email addresses, and login credentials (usernames and passwords) were not affected. Itelis notified the CNIL, filed a criminal complaint with the public prosecutor, and warned affected individuals to stay alert to phishing campaigns seeking to harvest additional personal or financial information.

Sources

  1. bfmtv.comhttps://www.bfmtv.com/tech/cybersecurite/la-plateforme-itelis-a-ete-victime-d-un-piratage-les-donnees-privees-d-utilisateurs-liees-aux-remboursements-de-frais-d-optique-ont-ete-derobees-attention-aux-campagnes-de-phishing_AV-202511240584.html
  2. acuite.frhttps://www.acuite.fr/actualite/ocam/323834/la-plateforme-de-soins-itelis-victime-dune-cyberattaque-concernant-des-donnees
  3. next.inkhttps://next.ink/brief_article/fuite-de-donnees-personnelles-chez-itelis-axa-nom-dossier-correction-numero-secu/

Related incidents

Data breachContained

Leak at Médecin Direct

MédecinDirect, the French teleconsultation platform (a Teladoc Health subsidiary), disclosed on 3 December 2025 a data breach detected on 28 November exposing the personal and health data of around 285,000 patients, with a threat actor claiming up to 323,069 records.

Victim
Médecin Direct
Data breachContained

Data leak at Weda

On 12 November 2025, French medical-software publisher Weda disclosed a cyberattack in which compromised practitioner credentials (stolen by infostealer malware) gave attackers unauthorized access to its patient-record platform, potentially exposing sensitive medical data for tens of thousands of healthcare professionals.

Victim
Weda
Data breachOngoing

Leak at Regional Health Agencies of Île-de-France, Auvergne, Rhône-Alpes, Hauts-de-France, Pays de la Loire and Normandie

A September 2025 cyberattack on regional health-identity platforms used by several French Regional Health Agencies (ARS) exposed patient identity data; an attacker claimed roughly 35 million patient records across 130+ public hospitals, later offered for sale by the DumpSec group.

Victim
Regional Health Agencies of Île-de-France, Auvergne, Rhône-Alpes, Hauts-de-France, Pays de la Loire and Normandie
Data breachContained

Leak at Agence Régionale de Santé des Hauts-de-France

A cyberattack on the shared regional health platform (Prédice/GIP Inéa) hosting patient identity data from public hospitals in Hauts-de-France exposed records such as names, dates and places of birth, contact details and, in some cases, social security numbers; medical records were not affected.

Victim
Agence Régionale de Santé des Hauts-de-France