Skip to content
Supply chainUnknown

Data leak at Wemind (via Allianz)

On 28 January 2026, a data leak affecting Wemind, the French neo-insurer for freelancers and small businesses, exposed members' contact details — names, postal addresses, email addresses and phone numbers — through its Allianz insurance/back-office channel.

Victim
Wemind

On 28 January 2026, Wemind — a French insurtech ("neo-assurance") that bundles health cover (mutuelle), income-protection (prévoyance) and professional liability for freelancers, the self-employed and small companies — was reported to have suffered a leak of member personal data.

Wemind does not underwrite its own risk; its products are carried by established insurers, with Allianz acting as the insurer/back-office partner through which the affected records flowed. The exposure was tied to that Allianz channel rather than to a direct compromise of Wemind's own systems, making it a third-party (supply-chain) data exposure.

The data confirmed as exposed was limited to policyholder contact details:

  • First and last name
  • Postal address
  • Email address
  • Phone number

No social-security numbers, health data or financial information were reported as part of this incident. The number of individuals affected has not been publicly disclosed, and the root cause and response remain unconfirmed; the leak was logged as confirmed by the breach tracker bonjourlafuite.eu.org. This event is distinct from the unrelated US Allianz Life breach of mid-2025 and from the May 2026 Almerys third-party-payment breach, and should not be conflated with either.

Sources

  1. bonjourlafuite.eu.orghttps://bonjourlafuite.eu.org/#Wemind-2026-01-28

Related incidents

Supply chainContained

Leak at Alan (via Almerys)

On 23 May 2026, French digital health insurer Alan warned members that a cyberattack on its third-party claims processor Almerys had exposed their personal data — names, dates of birth, social security numbers and insurance contract details — though payment, password and health data were spared.

Victim
Alan
Supply chainContained

Leak at ASAF & AFPS (via Itelis)

Members of insurer ASAF & AFPS had personal data exposed after a breach at Itelis, the optical-care network processing their claims; names, dates of birth, social security numbers, claim records and vision-correction data from 2020-2022 were affected.

Victim
ASAF & AFPS
Supply chainContained

Leak at AG2R la Mondiale (via Itelis)

Disclosed in November 2025, a cyberattack on Itelis — the optical-care third-party network used by insurer AG2R la Mondiale — exposed beneficiaries' names, dates of birth, social security numbers, reimbursement records and vision-correction data for optical coverage handled between 2020 and early 2022.

Victim
AG2R la Mondiale
Supply chainContained

Leak at La Nef

In September 2025, French ethical cooperative bank La Nef notified shareholders that their email addresses were exposed after a cyberattack on third-party voting provider SLIB; only email addresses were affected, with no banking data, IDs or passwords compromised.

Victim
La Nef