- Home
- Cybersecurity
- Repeated Data Breaches: The Wake-Up Call?
Repeated Data Breaches: The Wake-Up Call?
Data breaches seem to follow one another endlessly. After Sofinco, Meilleurtaux, Avis, Boulanger, Bayard, Cultura, Carrefour, Molotov TV, Free, and SFR in recent months or weeks, Auchan, the weekly Le Point, Direct Assurance, and Mediboard (an open-source hospital management application) have recently fallen victim to cybercriminals.
A survey published last July by Okta, a specialist in identity management and protection, reveals that 94% of French respondents are concerned about identity theft. Over half (58%) claim to have become aware of their digital footprint over the past year, driven by the increase in cyberattacks (53%) and the rise of AI (26%).
The same Okta study shows that respondents view online banking services as the primary target for cybercriminals (59%). Surprisingly, they are much less concerned about social media and professional accounts, other frequent targets for hackers. Only 3% believe their social media profiles are prime targets, despite being a rich source of personal data, and 4% say the same about their professional accounts. However, recent studies from 2023 indicate that 1.4 billion social media accounts are hacked each month, mostly on Instagram. These hacks enable cybercriminals to harvest vast amounts of personal data and conduct phishing campaigns using a “trusted” profile.
Another survey, published by the French Banking Federation, confirms that the French are increasingly aware of the sensitive nature of their personal data, with nine out of ten regarding their banking data as the most critical.
“Identity is the gateway to every initial experience in the digital world. Considering its pivotal role in tech and networks, it’s no surprise that identity-based attacks have become a prime target for malicious actors,” says Matt Ellard, SVP, GM EMEA at Okta.
Free: A Data Breach Affecting 19 Million Customers
The massive data breach experienced by Free at the end of October left a significant impression. Understandably so: 19 million customers had their data exfiltrated, including five million IBANs.
“The sale of Free’s customer data is deeply concerning. It provides cybercriminals with precise information to easily deceive victims. Imagine receiving a call from a ‘consultant’ who gains your trust by sharing your IBAN — it becomes much easier to fall for the scam,” notes Loïc Guézo, Cybersecurity Strategy Director at Proofpoint.
“We can expect numerous smishing attempts in the coming weeks. This attack serves as yet another reminder of the critical importance of information protection. A breach of this scale poses significant risks to French citizens, many of whom remain unaware of cybersecurity threats,” Guézo adds.
Phone Numbers: As Strategic as Fingerprints
Among the sensitive information circulating on the dark web is a key piece of data: phone numbers. Over the years, phone numbers have become a vital identifier, used for authentication across numerous platforms, including social media, online services, and banking apps.
With the widespread use of two-factor authentication, hijacking a phone number can grant unauthorized access to highly valuable data. Using the information gathered from recent breaches (name, address, email, etc.), hackers can contact a victim’s telecom provider to have their number reassigned to a new SIM card under their control. This enables them to intercept messages, such as one-time passwords, granting access to personal and financial accounts. Victims typically only realize the scam when their mobile network fails or they notice suspicious activity on their accounts.
“In our interconnected world, phone numbers have become, like fingerprints, a highly utilized personal identifier. Securing them is essential. By recognizing the risks of misuse and the potential for compromise, it’s possible to prevent significant losses. Vigilance, combined with proven cybersecurity solutions, can create a robust defense system against various threats,” comments Anna Larkina, Web Analyst Expert at Kaspersky.
Good Practices Gradually Becoming Habit
Following the recent cyberattacks on French companies, one thing is clear: these incidents are leading to a form of “forced” awareness among citizens regarding basic “cyber hygiene.” According to the French Banking Federation study, the French exhibit good knowledge of different types of online scams, such as phishing (87%), fake banking advisors (85%, +3 points), and romance fraud (82%, +2 points).
When receiving a suspicious message, over half of the French report neither opening nor forwarding it (55%), a 4-point increase in one year. Additionally, fewer people respond to dubious solicitations, such as calls from a banking advisor asking them to conduct remote transactions (19%, -5 points), or emails/texts from their bank inviting them to click on a link (16%, -4 points).
However, younger generations are less concerned about data protection than the average French citizen: 79% of those under 35 consider their banking data sensitive, compared to 90% on average. They also appear less cautious in their cybersecurity practices, particularly concerning sharing banking data and password management. For instance, 53% save their banking data on e-commerce sites (compared to 31% on average), and only 69% use long, complex, and unique passwords for each account (compared to 75% on average).
“Be wary of unsolicited emails, texts, or calls, especially if they urge you to take ‘urgent’ action or make a payment. Never share financial data or passwords via email or SMS. Always call your bank directly if a request seems suspicious. It’s also important to create unique passwords for each online account. Use three random words to craft a strong and memorable password, and enable multi-factor authentication wherever possible,” reminds Loïc Guézo.
It’s also recommended to regularly monitor bank accounts for suspicious transactions. In the event of an unauthorized debit, contact your bank immediately to report the anomaly and request a refund. For accounts tied to companies affected by data breaches, it’s strongly advised to change passwords promptly.
the newsletter
the newsletter