French unemployment agency data breach impacts 43 million people

France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals.

France Travail is the French governmental agency responsible for registering unemployed individuals, providing financial aid, and assisting them in finding jobs.

Yesterday, the agency disclosed that hackers stole details belonging to job seekers registered with the agency in the last 20 years in a cyberattack between February 6 and March 5. Data from individuals with a job candidate profile was also exposed.

notice on France’s portal for assisting victims of cyberattacks informs that affected individuals will receive a notification from the agency regarding the personal data violation as a result of the incident. 

France Travail has informed the country’s data protection agency, the National Commission of Informatique and Liberties (CNIL), which stated that up to 43 million people may be impacted.

The types of the data that have been exposed from this attack include:

  • Full name
  • Date of birth
  • Place of birth
  • Social security number (NIR)
  • France Travail identifier
  • Email address
  • Postal address
  • Phone number

This data increases the risk of identity theft and phishing for the exposed individuals, so the agency recommends potentially impacted people to be particularly vigilant with emails, phone calls, and SMS they receive.

France Travail clarified that the data breach incident does not impact people’s bank details or account passwords, but CNIL warns that cybercriminals may use what’s available to correlate with missing data points from other breaches.

Those impacted by the data breach incident at France Travail can file a complaint with the Paris prosecutor’s office to help with the investigation.

Last August, France Travail suffered a massive data breach, which impacted approximately 10 million individuals.

That incident was indirectly attributed to the Clop ransomware group breaching the agency’s systems by exploiting a zero-day vulnerability in the MOVEit Transfer software tool.

The current cyberattack on the agency sets a new record in France, as it affects the largest number of individuals, more than the 33 million people impacted by the Viamedis and Almerys breach in February.

Source: www.bleepingcomputer.com