Skip to content
Support
Sign In Subscribe
Leaks

More Than 105,000 Records Allegedly Leaked From French Insurance Assistance Firm Inter Mutuelles Habitat

 and  Dark Web Informer
9 min read
Breach Report France flagFrance Insurance

More Than 105,000 Records Allegedly Leaked From French Insurance Assistance Firm Inter Mutuelles Habitat

A threat actor using the alias ChimeraZ has posted what they describe as a partial database of Inter Mutuelles Habitat (referenced as ima.eu / imha.fr), a French organization specializing in home-insurance assistance and claims management for policyholders of partner mutual insurers. The leak is presented as a 341 MB JSON file containing roughly 105,000 records of insurance claim correspondence. Claimed fields include policyholder names, full postal addresses, landline and mobile phone numbers, claim (sinistre) references, invoice IDs, partner company names, SIRET numbers, and free-text case details. The dataset's scope is unverified.

Data~105K records
PriceFree leak
CountryFrance flagFrance
ActorChimeraZ

Post details

TargetInter Mutuelles Habitat (ima.eu / imha.fr)
CountryFrance flagFrance
SectorInsurance / Claims Management
ClaimPartial database leaked
Data~105K records, 341 MB JSON
ObservedJun 16, 2026
PriceFree leak (reply-gated)
ActorChimeraZ

!Allegedly included

  • ~105,000 records (claimed)
  • 341 MB JSON file
  • Policyholder names
  • Full postal addresses
  • Landline & mobile numbers
  • Claim / sinistre references
  • Invoice IDs & case details
  • Partner names & SIRET

Screenshot

Inter Mutuelles Habitat France alleged leak Screenshot 1 Screenshot 1 Redacted preview

Potential impact

Because the actor presents this as a leaked claims database, the per-record sensitivity is high. The data reportedly ties policyholder PII, including full names, complete home and postal addresses, and landline and mobile phone numbers, to specific insurance claims, including claim references, invoice numbers, dates, and free-text correspondence describing incidents (storm, water, hail damage and similar) and remediation. Partner organizations appear with company names, addresses, and SIRET numbers. This pairing of identity and real, ongoing claim context is well suited to highly convincing claim-specific phishing and fraud, where an attacker references a genuine case to build trust, as well as address-based targeting and identity abuse. No passwords or payment-card data are referenced in the samples. The scope and authenticity are unconfirmed.

iStatus

Unverified

Sample records and download links were posted to an underground forum behind a reply-gate (“hidden content”); the sample records and download links are not reproduced here. The actor describes the data as a partial leaked database of the organization. The claim has not been independently confirmed and Inter Mutuelles Habitat has not publicly addressed it.

Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Related

Latest