
L'Assurance Retraite Breach
Jan 6, 2026
509,690 rows
What happened in the L'Assurance Retraite Breach?
DataBreach.com Team · January 7th 2026, 7:00 pm EST
In September 2024, L'Assurance Retraite (managed by the CNAV) confirmed a significant data breach affecting approximately 370,000 beneficiaries. The incident did not directly compromise the organization's main public website (lassuranceretraite.fr), but rather targeted the Portail Partenaires de l’Action Sociale (PPAS), a platform used by third-party service providers to manage social action files for retirees. Cybercriminals gained access by usurping the accounts of these external partners, subsequently exposing sensitive personal information including Social Security numbers (NIR), postal addresses, and data related to financial resources. While the organization clarified that no banking details (IBAN/BIC) were stolen, the exposure of Social Security numbers creates a long-term risk for identity theft and highly targeted phishing campaigns (social engineering). Following the detection of the intrusion, the portal was temporarily suspended, and the incident was reported to the CNIL (French Data Protection Authority).










