Data Breach at French Unemployment Agency Affects 43 Million Individuals

Cyber Attack

France Travail, formerly known as Pôle Emploi, has issued a warning after discovering a breach in its systems, potentially exposing the personal information of around 43 million individuals.

France Travail is the French governmental agency responsible for managing unemployment registrations, providing financial assistance, and facilitating job placement.

The breach occurred between February 6 and March 5, with hackers gaining access to details of job seekers registered with the agency over the past two decades and data from individuals with a job candidate profile.

The agency will notify affected individuals regarding the breach, and France’s National Commission of Informatique and Liberties (CNIL) has been informed of the situation, estimating up to 43 million people may be affected.

The compromised data includes full names, dates and places of birth, social security numbers (NIR), France Travail identifiers, email addresses, postal addresses, and phone numbers. This raises concerns about identity theft and phishing attempts.

While bank details and account passwords remain secure, CNIL warns cybercriminals may attempt to correlate the exposed data with information from other breaches.

Those impacted by the breach are advised to remain vigilant against suspicious emails, phone calls, and SMS messages. Individuals can file complaints with the Paris prosecutor’s office to aid in the investigation.

This incident marks a new record in France, surpassing the 33 million people affected by the Viamedis and Almerys breach in February. It follows a previous data breach last August, indirectly attributed to the Clop ransomware group exploiting a zero-day vulnerability in MOVEit Transfer software.