The exposed dataset contained numerous French records, from population registry data to car insurance information, totalling tens of millions of records. The Cybernews research team believes the database was likely compiled by malicious actors.
-
Over 45M French records were exposed in an open database likely compiled by malicious data collectors.
-
The leaked data included voter registries, healthcare professional records, and automotive insurance information from multiple sources.
-
Researchers discovered the unprotected cloud server hosted in France and notified the hosting company to secure it.
-
Combining demographic, healthcare, and financial data enables attackers to commit identity theft, financial fraud, and social engineering attacks.
The open database contained millions of French-language personal records, which appear to be collected from multiple databases. According to our team, the exposed repository appears to include a population registry, a healthcare professionals’ register, financial and KYC data, and automotive insurance CRM information.
“Unlike traditional leaks caused by corporate misconfigurations, this exposure appears to be the work of a data broker or criminal collector. Such actors often merge stolen datasets from multiple breaches into unified databases to increase resale value and enable identity cross-linking,” the team explained.
Team from Cybernews identified
- Over 23 million entries resembling voter or demographic registry data with full names, addresses, and birthdates
- Around 9.2 million healthcare professional records, mirroring the format of France’s official RPPS/ADELI registries
- Over 6 million contact records from customer relationship management systems
- Roughly 6 million financial profiles, some containing IBANs and BICs tied to French banks
- Additional datasets linking vehicle registrations and insurance information to named individuals
(Courtesy: Cybernews.com)
