Leak at Meilleurtaux
In late September 2024, French credit and insurance broker Meilleurtaux disclosed that an external attack on its IT systems had exposed sensitive personal data of customers, including names, contact details, dates of birth, family situation, income and employment status.
- Victim
- Meilleurtaux
On 30 September 2024, Meilleurtaux β one of France's largest online brokers of mortgage loans, consumer credit and insurance β notified its customers that it had suffered a data breach. The company said it had detected an external attack on its IT systems, which it quickly halted, and that the incident affected people who had recently requested support or a quote from Meilleurtaux.
The broker did not disclose how the systems were compromised or how many individuals were impacted. The exposed information was nonetheless described as highly sensitive, making affected customers prime targets for convincing phishing and impersonation scams in which fraudsters pose as a banking or real-estate advisor.
Exposed data categories included:
- First and last name
- Date and country of birth
- Postal address and phone number
- Family situation
- Professional/employment status
- Income
Meilleurtaux stated it had stopped the attack and warned customers to be vigilant against phishing attempts. The exact number of records exposed was not made public, and no group publicly claimed responsibility at the time of disclosure.
Sources
- numerama.comhttps://www.numerama.com/cyberguerre/1817354-le-site-meilleurtaux-a-subi-une-cyberattaque-attention-aux-tentatives-de-phishing.html
- usine-digitale.frhttps://www.usine-digitale.fr/article/le-courtier-meilleurtaux-victime-d-une-cyberattaque-des-donnees-sensibles-exposees.N2219647
- larevuedudigital.comhttps://www.larevuedudigital.com/le-courtier-meilleurtaux-victime-dun-vol-de-donnees-personnelles/
- next.inkhttps://next.ink/brief_article/meilleurtaux-laisse-aussi-fuiter-une-ribambelle-de-donnees-personnelles/