In a stark warning about the vulnerabilities facing the financial sector, Harvest, a leading provider of financial software in France, experienced a major cyberattack on February 27, 2025. This unprecedented ransomware incident not only paralyzed numerous financial partners but also raised significant concerns regarding the safety of sensitive client data.
On February 28, partners of Harvest received alarming notifications detailing the digital siege. The malware attack, as revealed later by Harvest, originated from a compromised server associated with one of their service providers. To mitigate risks during the ongoing investigation, Harvest took the critical step of blocking access to its software. This software suite—comprising essential tools like O2S and Fidnet—is crucial to the daily operations of about 80% of wealth management advisors and private banks in France.
“We’ve been in the dark for ten days now,” recounted a frustrated executive from a Paris-based firm. “We’re unable to access our clients' portfolios and can’t execute online orders.” The repercussions cascaded, affecting various players within the sector. Shortly after the attack, Cardif, a BNP Paribas subsidiary, suspended access to its extranet, while MMA instructed its distributors to revert to postal communications for processing requests.
By March 4, Harvest communicated with clients, stating it had not yet identified any leaks of data, while investigations were still in progress. However, as infrastructure operations gradually resumed, a new alarm was sounded over potential large-scale data breaches. During March, Maif Solutions Financières—the mutual insurer and a key client of Harvest—alerted its customers about unauthorized access to sensitive information, such as personal financial situations and income details, assuring them that crucial data like passwords or bank IDs had not been compromised.
However, BPCE, another prominent client, contacted by L’Agefi, reported that cybercriminals had gained access to client data related to identities and account information. All 14 Banque Populaires and 15 Caisses d’Épargne were affected, warning their customers while keeping their online platforms accessible.
These data breaches pose a serious threat to individuals whose information has been exposed. The immediate danger includes targeted phishing scams where criminals, armed with personal data such as names and professional statuses, can prey on victims, coaxing them into sharing sensitive information or performing fraudulent transactions.
As Jerome Notin, the managing director of Cybermalveillance.gouv.fr, noted, perpetrators can escalate their attacks further. “If they have their phone number, scammers can even call victims, masquerading as their bank manager or insurance broker, claiming there are fraudulent activities on the account, which requires immediate action.”
Personal information could also lead to identity theft, where compromised data allows criminals to open fake accounts or take out loans under the victim’s name, creating long-standing financial havoc.
This incident starkly highlights the growing fragility of the financial sector against cyber threats. Harvest’s near-monopolistic position, reinforced by acquiring its main competitor, has resulted in a cascading effect within the industry. On March 12, the French Senate passed a new law aimed at bolstering the resilience of critical infrastructures and enhancing cybersecurity across the board. Among the pivotal measures implemented are strengthened risk management protocols, obligatory reporting of security incidents, and enhanced coordination with the National Cybersecurity Agency (ANSSI).
In summary, as the fallout continues from the Harvest cyberattack, it serves as a stark reminder that financial institutions are high-value targets for cybercriminals seeking to exploit sensitive data. The cascading effects of this incident reveal vulnerabilities that need urgent addressing for the protection of clients and the integrity of the financial system.
