Skip to content
Data breachContained

Data leak at UTwin

On 5 March 2025, French borrower-insurance broker UTwin notified clients that an intrusion into its IT system had temporarily exposed identity details, email addresses and phone numbers; the company said no banking, medical or contract data was affected.

Victim
UTwin

On 5 March 2025, UTwin β€” a French broker specialising in borrower insurance (assurance emprunteur) β€” began notifying customers that it had discovered an intrusion into its information system. According to the notification message sent to affected clients, the breach was "quickly controlled" but may have temporarily made certain personal information accessible.

UTwin did not disclose the technical details of the attack or how the intruders gained access. The company stressed that the exposure was limited to contact and identity data, and that no banking, medical or insurance-contract information was compromised.

Exposed data categories reported by affected customers:

  • Identity details (names)
  • Email addresses
  • Phone numbers

UTwin said it had contained the incident, reinforced its security measures, and declared the breach to the competent authorities in line with its regulatory obligations (notification to the French data-protection regulator, the CNIL). The number of individuals affected was not publicly disclosed. Recipients were advised to stay alert to phishing attempts using the leaked contact details.

Sources

  1. moneyvox.frhttps://www.moneyvox.fr/forums/fil/piratage-donnees-personnelles-chez-lassureur-utwin.52139/
  2. utwin.frhttps://www.utwin.fr/donnees-personnelles/

Related incidents

Data breachUnknown

Leak at PayTrip

On 27 December 2025, French money-transfer fintech PayTrip suffered a data breach exposing data on 74,877 customers, including names, contact details, IBANs and account balances, later circulated online by a threat actor.

Victim
PayTrip
Records
74.9K
Data breachContained

Leak at Mutuelle des Motards

In February 2025, French motorcycle insurer Mutuelle des Motards suffered a breach of a marketing contact database, exposing names, email addresses, phone numbers and postal codes of more than 1.3 million members.

Victim
Mutuelle des Motards
Records
1.3M
Data breachUnknown

23,685 records: claimed leak at ATOA

A threat actor put a database from ATOA β€” a French real-estate tokenization and fractional-investment fintech β€” up for sale on a dark web forum, exposing roughly 23,685 user and financial records plus 326 full KYC archives containing passports, ID cards and banking details.

Victim
ATOA
Records
23.7K