Data of more than 200,000 Chronopost clients in France stolen: what to do if affected
The information, including some phone numbers, may be used by scammers at a later date
Two cyberattacks have targeted Chronopost and Caisse des Dépôts
SuPatMaN/Shutterstock
Data belonging to tens of thousands of people in France could be at risk after cyberattacks on the parcel delivery service Chronopost and the financial institution the Caisse des Dépôts.
A total of 280,000 people could be affected after hackers gained access to the data of 210,000 Chronopost customers, and 70,000 people whose supplementary pension is managed by the Caisse des Dépôts.
The breaches resulted from two separate recent cyberattacks, the groups confirmed to press agency AFP on Thursday, February 13.
As stipulated by French law, the digital and data privacy commission CNIL (la Commission nationale de l'informatique et des libertés) was notified of the two attacks.
Cyberattacks of this nature often result in the hackers later selling the data collected. This can enable scammers to defraud the victims typically by SMS or email, using the stolen data.
Chronopost attack
Chronopost was the victim of a cyberattack at the end of January, it said. The hacker was able to access clients’ surnames, first names, postal addresses and the signature they made as proof of delivery.
Sometimes a client’s telephone number was also included, Chronopost said.
CDC pension company
The Caisse des Dépôts (CDC) said that a hacker was able to “illegitimately access the personal data of certain Ircantec members” during a cyberattack. This is a supplementary pension fund for public sector employees managed by the CDC.
The CDC did not specify what personal data was involved, but it did say that the hacker appeared to have gained access due to having “login details belonging to several public employers”.
It said: “Around 70,000 people have been identified as being affected, including public service contractors and around 1,000 local elected representatives.”
Everyone who was affected by the CDC hack has been informed of the risk by email or post, it said. It added that so far it had not seen any “irregular activity in the personal spaces of its affiliates”.
What should I do if I believe I am affected, or if my data has been stolen elsewhere?
If you are affected, you should receive an official letter from the body concerned, informing you of the breach, and advising you the steps to take to prevent further loss.
In general, the steps to take depend on the sensitivity of the data stolen, advises Le Figaro. For example, a name and address, and even a social security number on its own, may not be of much use to criminals.
However, data such as on a passport, ID card, or tax notice can lead to identity theft and credit fraud. In this case, it makes sense to file a police report to create a paper trail about the theft, and to put an official complaint on record.
You may also wish to cancel existing documents (such as credit cards and passports) and get new ones. If needed you can also consult a specialist lawyer on the issue, and receive legal help from consumer associations such as UFC Que Choisir.
You can also submit a formal complaint to la CNIL and/or report scams to the fraud reporting website Signal Arnaques.
Fraudulent transfers and transactions made by scammers and criminals should be reported to your bank as soon as possible (in the event of the scammer managing to set up a direct debit in your name, you have 13 months to contest this). The bank is then required to return the stolen money. To do this, be sure to keep an eye on your bank accounts and statements, and report any suspicious movements immediately.
Read also: What to do if scammers try a ‘money mule’ trick on your French bank account
Be aware of scams and phishing techniques too. Fraudsters who have some of your data may try to contact you to obtain extra details to enable them to scam you. For example, they may call or email pretending to be your bank, and ask you for your login details.
Read more: Scam email alert for clients of three leading French banks
Read more: Holidaymakers in France hit by huge surge of online crime aided by AI
If your phone number has been leaked it is unlikely to lead to fraud but it may mean you receive more spam or marketing calls. In this case you can change your number or block any nuisance numbers.
Read also: Four ways to stop cold calls to your French telephone number
Read more: This quick step could stop cold calls to your French mobile
Read also: Two new ways to fight back against cold callers in France
