France’s Employment Agency has suffered a data breach that could have affected 43 million potential users.
France Travail announced on March 13, 2024, that its IT systems and those of Cap Emploi, a government employment service that supports people with disabilities, were breached.
The exposed personal data includes names, social security numbers, dates of birth, user IDs, email and postal addresses, and phone numbers of France Travail and Cap Emploi users.
The incident does not affect allowance payments, and users can still connect to their France Travail account. However, the agency advised its users to be extra cautious when receiving a message pretending to be from its services.
France Travail has notified France’s data watchdog, the Commission Nationale de l’Informatique et des Libertés (CNIL), and filed a complaint with the police.
The French police have opened an investigation and released an online complaint form for people whose data may have been exposed.
The CNIL also opened an investigation to determine whether sufficient data security measures were in place in compliance with the EU’s General Data Protection Regulation (GDPR).
The French government indicated that the malicious actor gained unauthorized access to Cap Emploi’s systems around February 6. The agency notified the CNIL on March 8.
The attack has not been claimed by nor attributed to any specific threat actor at the time of writing.
The CNIL issued a list of recommendations to anyone who may have their personal data exposed by the breach:
- Be particularly vigilant with regard to messages (SMS, emails) that you may receive, especially if they ask you to carry out an urgent action, such as making a payment
- Never give out your passwords or bank details by e-mail
- If you have any doubts, do not open attachments; do not click on links contained in messages inviting you to connect to a personal space;l.
- Make sure you use strong passwords for your e-mail, bank accounts, and other essential services
