Data breach at French unemployment agency exposes 43 million people
Hackers infiltrated the France Travail's IT systems
France's national employment agency, France Travail, and its subsidiary Cap Emploi, which aids individuals with disabilities, have been hit with a significant data breach, potentially impacting 43 million users who registered over the past two decades.
Formerly known as Pole Emploi, France Travail serves as a lifeline for job seekers, providing registration services, financial aid and employment assistance. However, trust has been severly undercut by a recent breach that compromised sensitive data dating back 20 years.
France Travail disclosed on Wednesday that the breach occurred between 6th February and 5th March this year, during which time hackers infiltrated the agency's systems, pilfering details of registered job seekers and individuals with candidate profiles.
"Following a cyberattack of which France Travail and Cap emploi were victims, personal information concerning job seekers currently registered with France Travail, people previously registered over the last 20 years as well as people not registered on the list of applicants employment but having a candidate space on francetravail.fr are likely to be disclosed and exploited illegally," the agency said.
Data stolen includes full names, dates and places of birth, social security numbers (NIR), France Travail identifiers, email addresses, postal addresses and phone numbers.
While bank details, login credentials and passwords remain secure, the potential for cybercriminals to exploit the exposed information looms large.
France Travail says it has notified the National Commission of Informatique and Liberties (CNIL) and initiated measures to mitigate the breach's impact.
It reassured users that allowance payments remain unaffected, and access to their accounts persists.
No threat actor has so far claimed responsibility for the attack.
The enormity of the breach has sparked fears that the stolen data could be mixed with information from other breaches, potentially amplifying the risks of identity theft and fraud for affected individuals.
The CNIL has launched an investigation to ascertain compliance with the EU's General Data Protection Regulation (GDPR). The regulator said affected individuals will receive notifications from the agency.
Impacted individuals are encouraged to lodge complaints with the Paris prosecutor's office to aid in the ongoing investigation.
· Exercise heightened caution with regards to messages (SMS, emails), especially those prompting urgent actions like payments.
· Refrain from sharing passwords or banking information via email.
· If uncertain, avoid opening attachments or clicking on links that urge users to log into personal accounts; instead, access the official website directly through the browser.
· Regularly monitor activities across accounts for any irregularities.
This breach follows a similar incident last August involving a service provider to France Travail, which compromised the data of an estimated 10 million French citizens.
It surpasses the Viamedis and Almerys breach in February, which impacted more than 33 million people.
The incident comes at the time when reports surfaced of distributed denial-of-service (DDoS) attacks targeting multiple French government departments, attributed to the pro-Russia group Anonymous Sudan.
Coincidentally, the attacks occurred shortly after President Emmanuel Macron reiterated France's support for Ukraine in its conflict against Russia, raising questions about potential geopolitical motives behind the incident.