On August 2023, the French government employment agency Pôle emploi suffered a data breach and notified 10 million individuals impacted by the security breach.
The press release published by the agency states that its information systems are not impacted.
“In accordance with its obligations under the General Data Protection Regulation (GDPR), Pôle emploi has notified the CNIL today. The establishment will also file a complaint with the judicial authorities.” reads the press release published by the agency. “Jobseekers registered in February 2022 and former users of Pôle Emploi are potentially affected by this theft of personal data.”
The security breach exposed the surnames, first names and social security numbers of impacted individuals. Email addresses, phone numbers, passwords and financial data are not exposed.
The agency recommends job seekers remain vigilant on any potential fraudulent activity, it also added that there is no risk on the compensation and support offered by the agency, nor on access to the personal space of pole-emploi.fr.
The investigation conducted by France’s Cybermalveillance cybercrime prevention initiative revealed that threat actors stole the personal information of 43 million people between February 6 and March 5, 2024.
“The database allegedly extracted illicitly contains the personal identification data of people currently registered, people previously registered over the last 20 years as well as people not registered on the list of job seekers but having a candidate space on francetravail.fr. It is therefore potentially the personal data of 43 million people which have been infiltrated.” reads the press release published by France Travail.
The company notified the French data protection authority CNIL (Commission nationale de l’informatique et des libertés) and filed a complaint with the judicial authorities.
French authorities did not attribute the attack to a known ransomware group, however, Bleeping Computer observed that the French government agency was listed by the security firm Emsisoft on its MOVEit page, which means that it was likely a victim of the Clop ransomware gang.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, France Travail)