20 million Free clients subject to data leak: what victims should do

Some customers should inform their bank after information stolen

Around 5 million bank account numbers were also taken alongside email addresses and phone numbers

Up to 20 million clients of internet and mobile provider ‘Free’ have been impacted by a data leak, after hackers breached the company’s servers. 

This includes the IBANs (International Bank Account Numbers) of nearly 5 million people, although the company has said no passwords were stolen.

Customers who had their IBAN leaked should have been informed of this via email. An IBAN alone is not enough to make a bank transfer from your account, but having access to it can make hacking attempts much easier and make you more susceptible to phishing links.

The information is being sold on the dark web, netting the hackers up to €160,000, according to French media outlet Actu.

An investigation into the hacking has been opened by the commission nationale de l’informatique et des libertés (CNIL) for an “attack on automated data processing systems, fraudulent collection of personal data and receiving property derived from a crime”.

Make an official complaint

If you are a Free customer and are concerned about the data leak, the company has a free helpline you can reach at 0 (+33) 805 921 100. It is open seven days a week between 09:00 and 18:00. 

You can also make a complaint to the CNIL about your data not being protected securely enough. 

If the leak culminates in you being the victim of scammers, you can also make an official complaint to the police as a victim of identity fraud or theft. 

At this moment in time, such crimes must still be reported in person.

Be wary of scams 

Free customers should be hypervigilant in the coming weeks over scams, specifically phishing attempts. 

Hackers may try to contact you pretending to be from your bank, using the information from the leak to pretend they know information only a bank advisor would (such as your IBAN). 

These attempts usually see scammers pretend that you are the victim of a hacking attempt and that you must change your password or details over the phone – in reality, you are helping them log into your account to take money from it.

Alternatively, they may simply try to steal your identity using what they have, or send fake texts or emails inviting you to click on fake or malicious links. 


Another potential thing to look out for is the prolonged loss of signal or internet connection on your phone. 

If you lose signal for an extended period of time, you may be the victim of ‘SIM swapping’, with a hacker having control of your phone number remotely.

This would give them access to sensitive codes used to change passwords for accounts, such as internet banking, without your knowledge, allowing them to then log in remotely and deny you access. 

You can contact your phone plan provider to inform them of this; they can tell you whether any messages containing such codes were sent during this time.

Inform your bank of leak 

If you are concerned about your IBAN being leaked, you can inform your bank about what has happened. 

In return, they can place extra security measures on your account, including requiring strong confirmation of all transactions made from your account (such as via a fingerprint scan on your internet banking app).

You should also frequently check transactions from your account yourself, either through your internet banking app or statements, to ensure no unknown payments have been made.

The bank can reimburse you for any payments made without your authorisation by hackers due to the leak. 

Unlike phishing scams, where banks can argue customers willingly gave over their information and therefore should not be refunded for these transactions, payments made directly by hackers are usually covered.

Direct debit payments that have been set up can also be cancelled.

Your bank should agree to all of these conditions; however, if they fail to do so, you can invoke article L133-24 of the French monetary code, which confirms these rights.
