Credit cards, health checks… What data was stolen during the cyberattack against the Cannes hospital?

Credit cards, health checks… What data was stolen during the cyberattack against the Cannes hospital?
Credit cards, health checks… What data was stolen during the cyberattack against the Cannes hospital?

This is where a new crisis begins, we are entering a new phase from a cybercriminal point of view“. This is how ethical hacker and cybersecurity researcher SaxX describes the logical continuation of the cyberattack of April 16 against the Simone-Veil hospital in Cannes.

And this new phase very much resembles a cure: the 61 gigabytes of hacked and stolen personal data, now available on the darkweb, will be consulted, dissected, sorted, reorganized… and resold.

But what is it exactly?

We find health check-ups, pediatric, psychological assessments… Basically a lot of critical information on patients at the Cannes hospital. The data of all staff is also included… identity card, RIB, pay slip, personal information.” revealed SaxX this Thursday, May 2 on X (formerly Twitter).

Many ways to use personal data

The ethical hacker, who was able to view part of the hacked data, took care to conceal the sensitive information of clients and hospital staff.

But this is where all the interest lies for the “little hands” now at work to resell and circulate this data: the latter will be able to resell lots of information which can be very interesting, on several levels.

Imagine that tomorrow, one of your family members, who went through the Cannes University Hospital, wants to take out a loan. Tomorrow, I am an insurer, I will have direct access to this information.

Personal information which will be able to directly influence the bank’s decision. “Today, there is a real parallel market on which the data concerning people’s health and solvency are bought by bankers, insurers.”, continues SaxX.

But that’s not all. “Tomorrow, I’ll call you and pretend to be your banker by giving you this information: I’ll tell you that we’re going to re-evaluate your rate and you’ll provide other, much more personal information, because you’ll feel totally confident. This is where it is totally insidious.

Targeted phishing

The personal data disclosed will also enable geolocalized and highly targeted phishing campaigns. The latter generally follow well-established calendars, such as with CAF aid, or during larger events, such as the Olympic Games or European elections.

Targeted users then find it logical to receive an e-mail that “sticks” to the temporality of the event.

Closer to home, there is the Cannes Film Festival. “Why not send a message to the people of Cannes to offer them the opportunity to win a place at a special screening. You are from Cannes, it’s one euro, go for it, there are only 10 places available“, imagines the hacker SaxX.

And you must then enter your bank details, etc. It’s the gear.

-

-

PREV More and more people are stressed at work
NEXT How to follow the Boucles de la Mayenne 2024 live on TV or streaming?