Data leak at UTwin
On 5 March 2025, French borrower-insurance broker UTwin notified clients that an intrusion into its IT system had temporarily exposed identity details, email addresses and phone numbers; the company said no banking, medical or contract data was affected.
- Victim
- UTwin
On 5 March 2025, UTwin β a French broker specialising in borrower insurance (assurance emprunteur) β began notifying customers that it had discovered an intrusion into its information system. According to the notification message sent to affected clients, the breach was "quickly controlled" but may have temporarily made certain personal information accessible.
UTwin did not disclose the technical details of the attack or how the intruders gained access. The company stressed that the exposure was limited to contact and identity data, and that no banking, medical or insurance-contract information was compromised.
Exposed data categories reported by affected customers:
- Identity details (names)
- Email addresses
- Phone numbers
UTwin said it had contained the incident, reinforced its security measures, and declared the breach to the competent authorities in line with its regulatory obligations (notification to the French data-protection regulator, the CNIL). The number of individuals affected was not publicly disclosed. Recipients were advised to stay alert to phishing attempts using the leaked contact details.
Sources
- moneyvox.frhttps://www.moneyvox.fr/forums/fil/piratage-donnees-personnelles-chez-lassureur-utwin.52139/
- utwin.frhttps://www.utwin.fr/donnees-personnelles/