A data breach might have exposed personal information belonging to 5,400 customers of the French life insurance agency AXA.
The firm began sending out e-mails notifying affected customers of the incident on 7 September. AXA expects it will send out the last of these alerts by the end of the day on 8 September.
As quoted by The Straits Times, here’s what the firm’s data protection officer Eric Lelyon says in the breach notice:
“We wish to inform you that because of a recent cyber attack, personal data belonging to about 5,400 of our customers, past and present, on our Health Portal was compromised.”
Leylon goes on to specify that the incident possibly exposed customers’ email addresses, dates of birth, and mobile phone numbers they used to receive one-time passcodes (OTPs) when logging into the firm’s portal. He says there’s no evidence at this time to suggest that the breach exposed anyone’s financial data, health status, ID number, or any other information. Even so, AXA’s data protection officer warns that attackers could abuse the breached data in an attempt to phish for even more sensitive personal details.
Bill Taylor-Mountford, LogRhythm’s Asia-Pacific Japan vice president, finds this last point troubling. He elaborates on this concern to ZDNet:
“In this instance, there was no mention how long the attackers stayed within the system, but it is worrying that customers who may be targets of phishing attacks over the last few months were warned that it may be connected to this incident.
“The attack on AXA is another clear indication that cyber attackers will go after any industries. Attackers will inadvertently find a way to get in, therefore, it is more important to kick them out before they can do real damage.”
AXA has filed a police report and is currently working with the authorities to better understand what happened. While its investigation continues, customers should use these expert tips to change their passwords for the firm’s portal. They should also familiarize themselves with the telltale signs of common phishing attacks and do all they can to protect themselves against bad actors who might seek to steal their compromised mobile phone numbers.
News of this breach came on the same day that U.S. credit reporting firm Equifax disclosed a “cybersecurity incident” that may have affected 143 million U.S. consumers.