Saint-Ouen-L'Aumône, July 5th, 2021
Dear Business Partners,
We would like to inform you that our Laboratory has been the victim of a data theft following a failure of one of our service providers, in charge of hosting one of our databases.
This database containing patients' information was momentarily exposed on the Internet. The investigations we immediately conducted enabled us to conclude that unauthorised persons accessed this database and that a certain volume of data, including personal data, had been exfiltrated.
The safeguard of data is our core priority. Hence, as soon as this incident was identified:
We also provided, in our capacity as data controller, the competent supervisory authorities (i.e. the French Data Protection Authority (CNIL) and the Regional Health Authority) with all the information in our possession concerning this incident and filed a complaint to the police services.
The following categories of personal data, which were included in the database, might have been exfiltrated:
The database did not contain any information relating to social security numbers (NIR), bank details or postal, electronic or telephone contact details.
Despite the actions already taken by our Laboratory and the fact that no specific contact details was available, we thank you for bringing to our attention any event or information related to this incident.
Please note that an information note for patients is published on the website www.lab-cerba.com.
Finally, we specify that, in our opinion, it is not necessary for you to notify the CNIL (or any other local Data Protection Authority) insofar as we have taken all these necessary steps in our capacity as data controller.
If you have any questions, please send us an e-mail to firstname.lastname@example.org or a letter to RPD - CERBA - 7-11 Rue de l'Équerre, 95310 Saint-Ouen-l'Aumône.
Sylvie CADO -CEO Cerba