Skip to content
Data breachContained

Leak at Meilleurtaux

In late September 2024, French credit and insurance broker Meilleurtaux disclosed that an external attack on its IT systems had exposed sensitive personal data of customers, including names, contact details, dates of birth, family situation, income and employment status.

Victim
Meilleurtaux

On 30 September 2024, Meilleurtaux β€” one of France's largest online brokers of mortgage loans, consumer credit and insurance β€” notified its customers that it had suffered a data breach. The company said it had detected an external attack on its IT systems, which it quickly halted, and that the incident affected people who had recently requested support or a quote from Meilleurtaux.

The broker did not disclose how the systems were compromised or how many individuals were impacted. The exposed information was nonetheless described as highly sensitive, making affected customers prime targets for convincing phishing and impersonation scams in which fraudsters pose as a banking or real-estate advisor.

Exposed data categories included:

  • First and last name
  • Date and country of birth
  • Postal address and phone number
  • Family situation
  • Professional/employment status
  • Income

Meilleurtaux stated it had stopped the attack and warned customers to be vigilant against phishing attempts. The exact number of records exposed was not made public, and no group publicly claimed responsibility at the time of disclosure.

Sources

  1. numerama.comhttps://www.numerama.com/cyberguerre/1817354-le-site-meilleurtaux-a-subi-une-cyberattaque-attention-aux-tentatives-de-phishing.html
  2. usine-digitale.frhttps://www.usine-digitale.fr/article/le-courtier-meilleurtaux-victime-d-une-cyberattaque-des-donnees-sensibles-exposees.N2219647
  3. larevuedudigital.comhttps://www.larevuedudigital.com/le-courtier-meilleurtaux-victime-dun-vol-de-donnees-personnelles/
  4. next.inkhttps://next.ink/brief_article/meilleurtaux-laisse-aussi-fuiter-une-ribambelle-de-donnees-personnelles/

Related incidents

Data breachContained

Leak at Banque de France

On 23 November 2024, the threat actor Near2tlg advertised data allegedly stolen from France's central bank; the Banque de France denied any compromise of its secure systems, acknowledging only brief unauthorized access to an HR extranet with no sensitive data exposed.

Victim
Banque de France
Data breachContained

Leak at Direct Assurance

In November 2024, French online insurer Direct Assurance was breached via a compromised employee account, exposing personal data of roughly 15,000 clients and prospects β€” including the IBAN/RIB banking details of about 5,800 of them β€” later offered for sale online.

Victim
Direct Assurance
Records
15.0K
Data breachUnknown

23,685 records: claimed leak at ATOA

A threat actor put a database from ATOA β€” a French real-estate tokenization and fractional-investment fintech β€” up for sale on a dark web forum, exposing roughly 23,685 user and financial records plus 326 full KYC archives containing passports, ID cards and banking details.

Victim
ATOA
Records
23.7K