Wednesday, France Travail disclosed (Translation here) that hackers stole personal data belonging to 43 million job seekers who had registered with the French governmental unemployment agency. France Travail is the government agency in France tasked with registering unemployed citizens, offering financial assistance, and aiding them in securing employment opportunities.
The cyberattack occurred between February 6th and March 5th and includes data spanning 20 years.
The data that has been exposed from this attack includes:
- Full name
- Date of birth
- Place of birth
- Social security number
- France Travail identifier
- Email address
- Postal address
- Phone number
This is the second data breach France Travail has suffered. Last August approximately 10 million individuals (Translation here) were impacted by an attack indirectly attributed to the Clop ransomware group who exploited a zero-day vulnerability in the MOVEit Transfer software tool.
The cyberattack on the agency sets a new record for France impacting the largest number of individuals, surpassing the more than the 33 million people (Translation here) impacted by the Viamedis and Almerys breach in February.
Ted Miracco, CEO, Approov Mobile Security:
“The good news here is that while the disclosed information includes sensitive personal identifiers, it does not extend to passwords or banking information, limiting the scope of immediate financial fraud, however the potential for identity theft or other forms of cybercrime remains. Also, the response from France Travail aligns with best practices in handling data breaches, in compliance with the General Data Protection Regulation (GDPR).
“This incident underscores the critical need for organizations to implement robust cybersecurity measures at the edge, especially when it comes to mobile devices, which are increasingly used in attacks. Comprehensive security audits, regular vulnerability assessments, and real-time analytics are critical for security awareness. Lastly, it highlights the importance of having an incident response plan that can be quickly activated to mitigate the impact of data breaches.”
The fact that this organization has been pwned twice isn’t good. They really have some work to do to make sure that they don’t get pwned a third time.
43 Million Job Seekers Impacted By French Unemployment Agency Hack…Again
Posted in Commentary with tags Hacked on March 16, 2024 by itnerdWednesday, France Travail disclosed (Translation here) that hackers stole personal data belonging to 43 million job seekers who had registered with the French governmental unemployment agency. France Travail is the government agency in France tasked with registering unemployed citizens, offering financial assistance, and aiding them in securing employment opportunities.
The cyberattack occurred between February 6th and March 5th and includes data spanning 20 years.
The data that has been exposed from this attack includes:
This is the second data breach France Travail has suffered. Last August approximately 10 million individuals (Translation here) were impacted by an attack indirectly attributed to the Clop ransomware group who exploited a zero-day vulnerability in the MOVEit Transfer software tool.
The cyberattack on the agency sets a new record for France impacting the largest number of individuals, surpassing the more than the 33 million people (Translation here) impacted by the Viamedis and Almerys breach in February.
Ted Miracco, CEO, Approov Mobile Security:
“The good news here is that while the disclosed information includes sensitive personal identifiers, it does not extend to passwords or banking information, limiting the scope of immediate financial fraud, however the potential for identity theft or other forms of cybercrime remains. Also, the response from France Travail aligns with best practices in handling data breaches, in compliance with the General Data Protection Regulation (GDPR).
“This incident underscores the critical need for organizations to implement robust cybersecurity measures at the edge, especially when it comes to mobile devices, which are increasingly used in attacks. Comprehensive security audits, regular vulnerability assessments, and real-time analytics are critical for security awareness. Lastly, it highlights the importance of having an incident response plan that can be quickly activated to mitigate the impact of data breaches.”
The fact that this organization has been pwned twice isn’t good. They really have some work to do to make sure that they don’t get pwned a third time.
Leave a comment »