Skip to content
Supply chainContained

Leak at MAIF & BPCE

A ransomware attack on French wealth-management software vendor Harvest (Run Some Wares group, detected 27 Feb 2025) exposed personal and financial data of customers of insurer MAIF and banking group BPCE (Banque Populaire / Caisse d'Épargne) in a supply-chain breach.

Victim
MAIF & BPCE

On 28 March 2025, MAIF & BPCE — a major French mutual insurer and one of France's largest banking groups — disclosed that customer data had been exposed following a cyberattack on Harvest, a Paris-based provider of wealth-management software used by a large share of French financial advisers and private banks.

The incident was a supply-chain breach: Harvest's internal systems were hit by ransomware around 27 February 2025, an attack later claimed by the Run Some Wares group using double-extortion tactics (data encryption plus the threat of public disclosure). Because MAIF Solutions Financières and entities of the BPCE group (14 Banques Populaires and 15 Caisses d'Épargne) relied on Harvest's tools, customer records held in that environment were exfiltrated and ultimately published on the attackers' leak site.

Exposed data categories included:

  • Name, gender and date of birth
  • Marital and professional status
  • Postal address, email address and phone number
  • Income and asset information (MAIF clients)
  • Member number; for some BPCE clients, securities-account numbers and balances

MAIF and BPCE stated that no passwords, identity documents or bank account details (RIB) were compromised. Both institutions notified affected customers and warned of the heightened risk of phishing, fraudulent calls and identity theft, advising vigilance against any unsolicited contact referencing their accounts.

Sources

  1. leparisien.frhttps://www.leparisien.fr/economie/votre-argent/fuite-de-donnees-pour-les-clients-maif-et-banque-populaire-caisse-depargne-que-faire-si-vous-etes-concerne-22-03-2025-J56UD4GFSNELRANHK5ICRQ66I4.php
  2. francesoir.frhttps://www.francesoir.fr/societe-science-tech/fuite-de-donnees-chez-la-maif-et-la-bpce-apres-une-cyberattaque-fin-fevrier
  3. gbhackers.comhttps://gbhackers.com/harvest-ransomware-attack/
  4. clubic.comhttps://www.clubic.com/actualite-558291-les-donnees-des-clients-de-banque-populaire-caisse-d-epargne-et-maif-en-danger-apres-cette-cyberattaque-massive.html

Related incidents

Supply chainContained

Leak at ASAF & AFPS (via Itelis)

Members of insurer ASAF & AFPS had personal data exposed after a breach at Itelis, the optical-care network processing their claims; names, dates of birth, social security numbers, claim records and vision-correction data from 2020-2022 were affected.

Victim
ASAF & AFPS
Supply chainContained

Leak at AG2R la Mondiale (via Itelis)

Disclosed in November 2025, a cyberattack on Itelis — the optical-care third-party network used by insurer AG2R la Mondiale — exposed beneficiaries' names, dates of birth, social security numbers, reimbursement records and vision-correction data for optical coverage handled between 2020 and early 2022.

Victim
AG2R la Mondiale
Supply chainContained

Leak at La Nef

In September 2025, French ethical cooperative bank La Nef notified shareholders that their email addresses were exposed after a cyberattack on third-party voting provider SLIB; only email addresses were affected, with no banking data, IDs or passwords compromised.

Victim
La Nef
Supply chainContained

Leak at Direct Assurance

In March 2025, French direct insurer Direct Assurance (an AXA subsidiary) suffered a breach via its partner Run Assurance: attackers exploited a flaw in the data exchanges between the two firms to access customer personal data, raising identity-theft and phishing risks.

Victim
Direct Assurance