Share
In a security failure of unprecedented scale for the region, the Cybernews research team has discovered an unprotected cloud database containing over 45 million records belonging to French citizens.
The exposed dataset, which was hosted on a server within France, represents a catastrophic privacy risk due to the highly sensitive and diverse nature of the information involved.
According to the researchers, the repository appears to be an amalgamation of data from at least five unrelated sources. This suggests that the leak was not a simple corporate misconfiguration but likely the work of a data broker or criminal collector.These actors typically merge stolen datasets from multiple previous breaches to create unified “identity graphs,” significantly increasing the resale value on the dark web.
The sheer variety of the stolen records is particularly alarming. The Cybernews team identified over 23 million entries resembling population or voter registries, which include full names, physical addresses, and dates of birth. Such data provides a foundational layer for identity theft and highly targeted physical or digital fraud.
Beyond basic demographics, the leak heavily impacted the healthcare and financial sectors. Researchers found approximately 9.2 million records of healthcare professionals, mirroring official French registries.
Furthermore, the database held 6 million financial profiles, some of which contained sensitive banking details including IBAN and BIC banking details, along with another 6 million records linking named individuals to their vehicle registrations and insurance information.
The researchers warn that the combination of this data allows attackers to perform sophisticated “social engineering” attacks and financial fraud. By linking a person’s home address to their bank details and insurance status, criminals can build detailed profiles to infiltrate critical business systems or commit impersonation crimes.
The discovery follows a troubling trend of cyberattacks in France, including recent breaches at the Ministry of the Interior and several major universities. After being alerted by the Cybernews team, the hosting company took the database offline, though it remains unknown how long the information was accessible to other malicious parties before it was secured.
Related Posts
Discover more from Tech Digest
Subscribe to get the latest posts sent to your email.