France Travail, the country’s public employment service, has fallen victim to a cyberattack that resulted in a major data breach.
France Travail, previously known as Pôle emploi, is France’s public agency tasked with assisting job seekers in finding employment and providing relevant financial aid.
The agency stated that the breach, which occurred between February 6 and March 5, 2024, has potentially exposed the personal data of approximately 43 million users, including current job seekers, those registered in the past 20 years, and individuals with candidate profiles on francetravail.fr
The compromised data includes:
- names
- social security numbers
- France Travail identifiers
- email and postal addresses
- phone numbers
Passwords and bank account details were not affected by this security incident.
In adherence to its General Data Protection Regulation (GDPR) obligations, France Travail has taken steps to notify the affected individuals and filed a complaint with both the National Commission on Informatics and Liberty (CNIL) and the applicable judicial authorities.
The Paris Prosecutor’s Office has launched a preliminary investigation, which is being carried out by the Cybercrime Fighting Brigade of the Paris Judicial Police. Potentially impacted people are encouraged to file a complaint via this government portal to strengthen the ongoing investigation.
France Travail has also warned all potentially impacted individuals to remain vigilant against suspicious communications that may attempt to exploit the leaked data for phishing or identity theft. Registrants should also treat requests for providing personal information, such as passwords or payment details, with suspicion.
Last summer, the same agency suffered another breach impacting 10 million French job seekers who had registered before February 2022, exposing their names and social security numbers. The two security incidents are not linked. However, following last year’s security lapse, one would expect France Travail to implement additional protective measures to bolster its against attacks like the one it suffered recently.
The recent data breach at France Travail marks the most significant cybersecurity incident in the nation’s recent history in terms of the sheer volume of individuals affected. It eclipses the February 2024 breach that impacted payment system operators Viamedis and Almerys, where the personal data of 33 million people was compromised.