Credit brokerage and repurchase specialist Cafpi recently suffered a cyber attack by hackers from the VICE Society group.
Following the intrusion, the attackers were able to remain in the system for several hours and were therefore able to steal very private data, including customer identity cards, contact details and also information taken during a finance application. The stolen data could include pay slips and bank statements. The Zataz website was able to identify credit agreements, loan applications, notary opinions and information on the company's general management and board.
The brokerage company said it was able to quickly put in place measures to block access to the systems so that they could then be restored and put back into operation. In addition to informing the CNIL, Cafpi has set up four call centres to support affected customers, as well as a frequently asked questions section to help them. On May 23, a campaign of alert emails was sent to customers to inform them that data had been stolen. The brokerage says it does not know the extent of the data stolen.
This is a major attack, as the compromised data can be used for identity theft, in particular to take out loans under a false name. To be continued…