Content
01. News Bites
- Cyberattack at French identity agency raises data exposure concerns
- Over 1,300 SharePoint servers remain exposed after zero-day exploitation
- Canada Life breach exposes data of up to 70,000 individuals
- Police data breach in South Africa raises national security concerns
- Unauthorised access claims raise concerns over Mythos AI controls
02. Conclusion
Cyberattack at French identity agency raises data exposure concerns
A cyberattack on France’s National Agency for Secure Documents (ANTS) may have exposed sensitive personal data linked to identity document and driving licence services. Detected on 15 April, the incident potentially impacts both individual and professional accounts, with compromised data including login credentials, names, email addresses, dates of birth, and unique account identifiers. Additional details such as postal addresses, phone numbers, and places of birth may also be affected.
Authorities have confirmed that uploaded supporting documents were not exposed and that the breach does not enable direct account access. However, the lack of clarity around the number of affected users and the attack’s origin raises ongoing concerns.
The breach follows a pattern of recent incidents across French public systems, including compromises involving student platforms and national banking records. Investigations remain ongoing as authorities work to assess the full scope and reinforce security controls.
Over 1,300 SharePoint servers remain exposed after zero-day exploitation
More than 1,300 unpatched on-premises Microsoft SharePoint servers remain exposed to an actively exploited spoofing vulnerability, tracked as CVE-2026-32201. The flaw affects SharePoint 2016, 2019, and Subscription Edition, enabling unauthenticated attackers to exploit improper input validation and carry out network spoofing attacks without user interaction.
Despite being addressed in April’s Patch Tuesday, remediation efforts have been slow. Fewer than 200 systems have been secured since the update was released, leaving a significant attack surface. Microsoft confirmed that exploitation could expose sensitive data and allow unauthorised modification, although it does not impact system availability.
The vulnerability has been added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalogue, with federal agencies ordered to patch within strict deadlines.
With no attribution confirmed and exploitation ongoing, the situation highlights persistent patching delays and the risks associated with exposed enterprise infrastructure.
Canada Life breach exposes data of up to 70,000 individuals
Canadian insurer Canada Life has confirmed a cyber incident that exposed the personal data of up to 70,000 individuals, primarily linked to a single large corporate benefits client. The breach stemmed from unauthorised access via an employee account, highlighting the continued risk posed by identity-based attacks.
The threat group ShinyHunters has been linked to the incident, claiming responsibility after posting details online. Compromised data includes names, dates of birth, addresses, gender, and income levels: information that could be leveraged for identity theft or fraud.
The company stated the incident has been contained, with systems remaining operational. Affected individuals are being contacted and offered credit monitoring services, while investigations continue with support from external cybersecurity experts.
This breach adds to a growing trend of attacks across Canadian organisations, many involving compromised credentials or third-party access, reinforcing the need for stronger identity security controls and monitoring.
Police data breach in South Africa raises national security concerns
A major cyberattack on the Police Medical Aid Scheme (Polmed) has exposed highly sensitive data belonging to South African police personnel, creating serious risks to both individual safety and national security. The breach, linked to the cybercriminal group ShinyHunters, reportedly includes identity numbers, medical records, financial data, job roles, and residential addresses.
The nature of the compromised data significantly raises the level of risk. Exposure of officer roles and home addresses introduces the risk of targeted attacks, blackmail, and advanced social engineering campaigns. Investigators believe attackers exploited weaknesses in system architecture to impersonate administrators and gain deep access to internal databases, potentially mapping elements of police command structures.
Authorities, including regulators and law enforcement, have launched investigations, while Polmed continues to assess the full scope. The incident highlights systemic challenges in protecting sensitive data, particularly around identity security, access controls, and monitoring within critical public sector systems.
Unauthorised access claims raise concerns over Mythos AI controls
Anthropic is investigating reports that unauthorised users may have accessed its restricted Claude Mythos model through a third-party vendor environment. The model, positioned as a highly advanced cybersecurity tool, has been deliberately limited to select organisations due to concerns around its potential misuse.
Initial findings suggest the access may not have resulted from a traditional breach, but rather from misuse of existing permissions within a partner ecosystem. While there is no evidence that malicious actors have exploited the model, the incident raises critical questions about access governance and third-party risk in AI deployments.
The situation highlights broader concerns around frontier AI control. At the National Cyber Security Centre's CyberUK conference, officials stressed that while AI can strengthen defence capabilities, it also accelerates the discovery and exploitation of vulnerabilities where cybersecurity fundamentals remain weak.
If you are worried about any of the threats outlined in this bulletin, or need help determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.