A database containing the personal data of 363,770 inhabitants of Haute-Garonne is freely accessible on the dark net, relates The Dispatch. This discovery is the fruit of the work of the Toulouse-based company ITrust, which publishes cybersecurity software. She immediately notified the National Information Systems Security Agency (Anssi).
Known people concerned
The names, first names, postal addresses and telephone numbers are concerned. The database is also believed to contain information from some well-known people, such as senior elected officials and senior Airbus executives, according to local media who were able to consult it.
According to ITrust, the origin of this leak is known. This database belongs to the Toulouse-based company Distrix, which specializes in organizing flyer and leaflet distribution campaigns. But its leader, Guillaume Cessac, said he was not aware of this breach and blamed his data host.
The company tries to clear customs
“These data are hosted by our service provider who leases the digital platform from us. We are only the users of the solution that we rent monthly, not the owners“, detailed the manager, adding that he was going to alert him of the situation. Important note, the Distrix site does not contain any tab on the confidentiality policy of the company. It is therefore impossible to know who this service provider is. , nor how personal data is used in practice.
According to Jean-Nicolas Piotrowski, founder and director of ITrust, “this file is still accessible on their server“. However, such a leak can have significant consequences. Indeed, people whose data circulates freely are prime targets for phishing campaigns and identity theft …
Leakage of 500,000 medical data
This new leak comes a few weeks after the discovery of a database containing the health data of half a million patients. Were concerned social security numbers, identifiers, dates of birth, blood groups …
In early March 2021, the Paris court ordered SFR, Bouygues Telecom, Orange and Free to immediately block the site hosting this file. The judge considered that “the uploading of the file violated the privacy of the persons concerned”.