Leak at MAIF & BPCE
A ransomware attack on French wealth-management software vendor Harvest (Run Some Wares group, detected 27 Feb 2025) exposed personal and financial data of customers of insurer MAIF and banking group BPCE (Banque Populaire / Caisse d'Épargne) in a supply-chain breach.
- Victim
- MAIF & BPCE
On 28 March 2025, MAIF & BPCE — a major French mutual insurer and one of France's largest banking groups — disclosed that customer data had been exposed following a cyberattack on Harvest, a Paris-based provider of wealth-management software used by a large share of French financial advisers and private banks.
The incident was a supply-chain breach: Harvest's internal systems were hit by ransomware around 27 February 2025, an attack later claimed by the Run Some Wares group using double-extortion tactics (data encryption plus the threat of public disclosure). Because MAIF Solutions Financières and entities of the BPCE group (14 Banques Populaires and 15 Caisses d'Épargne) relied on Harvest's tools, customer records held in that environment were exfiltrated and ultimately published on the attackers' leak site.
Exposed data categories included:
- Name, gender and date of birth
- Marital and professional status
- Postal address, email address and phone number
- Income and asset information (MAIF clients)
- Member number; for some BPCE clients, securities-account numbers and balances
MAIF and BPCE stated that no passwords, identity documents or bank account details (RIB) were compromised. Both institutions notified affected customers and warned of the heightened risk of phishing, fraudulent calls and identity theft, advising vigilance against any unsolicited contact referencing their accounts.
Sources
- leparisien.frhttps://www.leparisien.fr/economie/votre-argent/fuite-de-donnees-pour-les-clients-maif-et-banque-populaire-caisse-depargne-que-faire-si-vous-etes-concerne-22-03-2025-J56UD4GFSNELRANHK5ICRQ66I4.php
- francesoir.frhttps://www.francesoir.fr/societe-science-tech/fuite-de-donnees-chez-la-maif-et-la-bpce-apres-une-cyberattaque-fin-fevrier
- gbhackers.comhttps://gbhackers.com/harvest-ransomware-attack/
- clubic.comhttps://www.clubic.com/actualite-558291-les-donnees-des-clients-de-banque-populaire-caisse-d-epargne-et-maif-en-danger-apres-cette-cyberattaque-massive.html