Viamedis Data Breach Puts Millions at Fraud Risk

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Millions of insurance policyholders and healthcare professionals are at risk of fraud after the French healthcare services provider Viamedis suffered a data breach.

According to the firm’s ongoing investigation, the incident was not ransomware but a phishing attack targeting an employee, which allowed the unidentified hacker to breach its system.

Although the company did not disclose the number of impacted individuals, it is believed that around 20 million insured individuals use its services. The compromised data includes sensitive information like an individual’s name, date of birth, marital status, social security number, name of insurance provider, and guarantees available to third-party payers.

The exposed data did not include banking information, postal addresses, phone numbers, or email addresses. As for health data, “only less than 50 beneficiary invoices have been breached and only concerns information on medical transport (taxi, ambulance),” the announcement revealed.

In addition to preparing a separate notification detailing the type of data exposed, the company has also established a separate information system for healthcare professionals.

In terms of impact on service delivery, Viamedis said that due to the temporary discontinuation of its platform, among health professionals, only opticians and audioprosthetists would be affected. However, “beneficiaries will be able to continue to use their carte vitale and their third-party payment card” as usual, it continued.

Viamedis has filed a complaint with the public prosecutor and informed the affected healthcare companies. It has also notified the relevant regulatory authorities, including CNIL and ANSSI.

The incident notification was posted on LinkedIn, as its website remains offline. Viamedis is a third-party payment provider for 84 complementary health insurance companies, and some of the organizations using its services include Carte Blanche Partenaires, Itelis, Kalixia, and Santéclair, among others.

In a separate incident, Almerys, another French third-party health payment processor, faced a similar data breach.

Hackers Exploit Job Sites to Steal Millions of User Data

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A previously unknown threat actor was found to be targeting recruitment and retail companies in the APAC region, with the aim of harvesting emails and other sensitive user information.

First detected in November 2023, the unknown hackers, dubbed “ResumeLooters” by the Singapore-based Group-IB, harvested data from 65 websites between November and December 2023.

The gang used SQL injection (SQLi) attacks, along with cross-site scripting (XSS) scripts injected into a few websites, and was discovered selling the extracted data on “Chinese-speaking, hacking-themed Telegram groups.”

“ResumeLooters tried inserting XSS scripts into all possible web forms of the targeted websites, hoping they would display phishing forms to obtain admin credentials,” Group-IB disclosed.

The stolen data is said to contain 2,188,444 user records, of which 510,259 come from job search websites. These records consist of names, phone numbers, dates of birth, employment history, email addresses, and other sensitive data. Moreover, it is believed that the campaign enabled hackers to successfully harvest more than two million unique email addresses.

Focussing on the APAC region, the campaign mainly targeted companies in India (12), Taiwan (10), Thailand (9), Vietnam (7), and China (3). Furthermore, Group-IB revealed that companies in Brazil, the USA, Turkey, Russia, Mexico, Italy, and some other non-APAC countries were also on the list of victims.

The identified companies were notified in order to contain the incident and prevent further damage.

Mainly relying on SQL injection via sqlmap as an initial vector, the gang also relied on other penetration testing tools. Applications like sqlmap, Acunetix, BeEF Framework, X-Ray, Metasploit, ARL (Asset Reconnaissance Lighthouse), and Dirsearch were found on its servers.

According to the threat intelligence company, this is the second group in less than two months that was found “conducting SQL injection attacks against companies in the Asia-Pacific region.” In December 2023, the firm discovered GambleForce, an SQL injection gang that attacked 20 websites in the region.