Leak at Malakoff Humanis (via Itelis)
In November 2025, optical-care platform Itelis was breached via the impersonation of a partner optician, exposing health and identity data of Malakoff Humanis (and AXA) members from optical reimbursement claims processed between 2020 and 2022.
- Victim
- Malakoff Humanis
On 24 November 2025, Malakoff Humanis — a major French health and pension insurer (mutuelle/prévoyance) — disclosed that member data had been exposed through a breach of Itelis, the optical-care network it uses to manage and reimburse vision claims. The incident was not a direct compromise of Malakoff Humanis systems but of its third-party processor, affecting several insurers that rely on Itelis, including AXA/APRS and AG2R.
The attacker gained access by impersonating a legitimate partner optician, using the trusted partner interface to query and exfiltrate optical reimbursement records rather than breaching the platform directly. Banking details, login credentials, postal addresses and email addresses were reportedly not compromised, which points to fraudulent use of partner access rather than a full database intrusion.
The exposed records related to optical claims processed roughly between 2020 and early 2022 and included:
- Full names and dates of birth
- Social security (national insurance) numbers
- Claim/dossier reference numbers
- Optical reimbursement details and visual-correction (prescription) data
- Possibly phone numbers
Itelis filed a complaint with the public prosecutor and notified the French data protection authority (CNIL). Because the leaked data combines health identifiers with personal details, the main risk is targeted phishing and social-engineering — AXA, for instance, warned members to be wary of unsolicited requests to modify their contracts. The exact number of affected Malakoff Humanis members was not disclosed, and the investigation remained ongoing.
Sources
- stroople.comhttps://www.stroople.com/data-breach-observatory/data-breach-itelis-november-2025/
- next.inkhttps://next.ink/brief_article/fuite-de-donnees-personnelles-chez-itelis-axa-nom-dossier-correction-numero-secu/
- frenchbreaches.comhttps://frenchbreaches.com/alertes/itelis-impactant-aprs-axa-malakoff-humanis-ag2r--b73e8c179406