491,000+ French Patients’ Records Leaked in Cybercrime Forums

We are in the second month of the year 2021, and the number of high-profile breaches is reaching new levels. A few days ago, we saw 3.2 billion credentials leak and 130 million new records entered in the cybercrime marketplaces.

In this instance, Cyble researchers noted a threat actor who sold records of over 491,000 French patients in the darkweb.

The original post was made in RaidForum, for sale, but was later leaked for free on a Russian-speaking hacking forum after a dispute.

Cyble researchers investigated the leak and found the following entries have been exposed:

Type; Lab Code; Lab Id; Patient Id; SS No; Sex; Title; Patient Name; Patient First Name; 2nd Patient First Name; Insured Name; Insured First Name; Maiden Name; Spouse; Address 1 Patient; Address 2 Patient; Address 3 Patient; Address 4 Patient; Fixed Patient Telephone; Mobile Patient Telephone; Other Patient Telephone; Fax 1 Patient; Fax 2 Patient; Mail Patient; Addr. Commune Patient; Commune Patient Code; Commune Patient Name; Patient Postal Code; Patient Dispensing Office; Date of Birth; Blood Group; Rhesus Factor; Room No; Last Visit; Center TP 1; Beneficiary Rank; NIS No; CPAM Rank; Police No ; Center TP 2; Hospitalization Date; ALD Response; ALD Code; Beneficiary Situation; Mutual No; Insured Id; Supported; Minitel Consultation; SNCF CP; Edit Etiquette; TP Preemption Date; Medecin Id; National Medecin No; Medecin Title; Name Doctor; First Name Doctor; 2nd First Name Doctor; Address 1 Doctor; Address 2 Doctor; Address 3 Doctor; Address 4 Doctor; Fixed Phone Doctor; Mobile Phone Doctor; Telephone Other Doctor; Fax 1 Doctor; Fax 2 Doctor; Mail Doctor; Adr . Municipality Doctor; Code Municipality Doctor; Name Municipality Doctor; Postal Code Doctor; Office Distributor Doctor; HPRIM Doctor No; ID Preleveur; National No Preleveur; Key Code Preleveur; Key Name Preleveur; Title Preleveur; Name Preleveur; First Name Preleveur; 2nd Preleveur First Name ; Address 1 Preleveur; Address 2 Preleveur; Address 3 Preleveur; Address 4 Preleveur; Fixed Telephone Preleveur; Mobile Telephone Preleveur; Telephone Other Preleveur; Fax 1 Preleveur; Fax 2 Preleveur; Mail Preleveur; Adr. Commune Preleveur; Commune Code Preleveur; Name Commune Preleveur; Postal Code Preleveur; Office Distributor Preleveur; Id Third Party Paying 1; CPAM; Name Third Party Paying 1 ;;;; Address 1 Third Party Paying 1; Address 2 Third Party Paying 1; Address 3 Third Party Paying 1; Address 4 Paying Third Party 1; Paying Third Party Landline 1; Paying Third Party Mobile Phone 1; Paying Other Third Party Telephone 1; Paying Third Party Fax 1; Paying Third Party Fax 1; Paying Third Party Mail 1; Adr. Paying Third Party Municipality 1; Paying Third Party Municipality Code 1; Paying Third Party Municipality 1; Paying Third Party Postal Code 1; TP 1 Distributor Office; Paying Third Party Id 2; CPAM; Paying Third Party Name 2 ;;;; Address 1 Paying Third Party 2; Address 2 Paying Third Party 2; Address 3 Paying Third Party 2; Address 4 Paying Third Party 2; Paying Third Party Landline 2; Paying Third Party Mobile Phone 2; Other Paying Third Party Phone 2; Fax 1 Paying Third Party 2; Paying Third Party Fax 2; Paying Third Party Mail 2; Addr. Paying Third Party Commune 2; Paying Third Party Commune Code 2; Paying Third Party Commune Name 2; Paying Third Party Postal Code 2; TP 2 Distributor Office; TP1 Grand Regime Code; TP1 Manager Cashier Number; TP1 Mutual Number; TP2 Grand Regime Code; Manager Cashier No TP2; Mutual No TP2; Address 1 Patient (2); Address 2 Patient (2); Address 3 Patient (2); Address 4 Patient (2); Fixed Telephone Patient (2); Telephone Mobile Patient (2); Telephone Other Patient (2); Fax 1 Patient (2); Fax 2 Patient (2); Mail Patient (2); Addr. Common Patient (2); Common Patient Code (2); Common Patient Name (2); Patient Postal Code (2); Patient Dispensing Office (2); SR Identifier; MP; Comment D; Comment P;

We also noted that over 156,000 records have email addresses as well – Cyble has indexed the leaked information on AmIBreached.com.

Source of the data leak: At the time of writing this article, Cyble researchers are unsure about the original source.

We recommend the following: 

  • Never share personal information, including financial information over the phone, email, or SMS  
  • Use strong passwords and enforce multi-factor authentication wherever possible  
  • Regularly monitor your financial transactions; if you notice any suspicious activity, contact your bank immediately  
  • Turn on the automatic software update feature on your computer, mobile, and other connected devices wherever possible and pragmatic  
  • Use a reputable antivirus and internet security software package on your connected devices, including PC, laptop, and mobile  
  • Register at AmiBreached.com to ascertain your exposure if you’re concerned about your exposure in the Darkweb 
  • Refrain from opening untrusted links and email attachments without verifying their authenticity   

About Cyble 

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com

Scroll to Top