The wave of cyber attacks against French institutions and companies continues with the hacking of the Venerable Caisse des Dépôts which led to the theft of data of tens of thousands of civil servants and local elected officials.
The black series continues. And on a large scale. In this mid-February 2025, we learn that the Caisse des Dépôts was recently the victim of a major hacking. The venerable institution, a key player in the management of public funds in France, revealed that personal data of nearly 70,000 civil servants affiliated with Ircantec, a pension plan managed by the “cashier”, had been stolen. As reported France Infohacking has mainly affected contractual, territorial and hospital public service agents, as well as hospital practitioners, but also a thousand local elected officials.
The flight was made possible by a fraudulent use of the connection identifiers of several public employers, allowing hackers to access the pension management platform. Compromise information includes sensitive data such as names, first names, social security numbers, dates and places of birth, as well as the postal addresses of the victims. However, Caisse des Dépôts assured that banking data, email addresses, passwords and phone numbers have not been assigned.
Piracy of the Caisse des Dépôts: the victims warned by email
Faced with this cyber attack, the institution reacted quickly. The victims were informed by e-mail or mail, and security measures have been set up to block fraudulent access and strengthen the protection of user accounts. In addition to this, Caisse des Dépôts has strengthened checks on the creation of accounts, while warning its partners so that they can also adjust their security systems in the event of suspicious activities. However, we can regret that an institution as essential and sensitive has not taken more precautions to protect yourself from this type of break -in, especially when you know that it manages gigantic funds for popular savings and social housing By funding projects of general interest through its multiple subsidiaries and satellites (Bpifrance, Transdev, CNP Assurances, CDC Habitat, Compagnie des Alpes; etc.).
This hacking intervenes in a context where attacks against public institutions are increasingly frequent. In recent months, several French organizations, such as CAF or France Work, have also been the target of data flights, not to mention multiple private companies such as Free, SFR, LDLC, Kiabi, Auchan, Leclerc, Norauto or recently Chronopost.
In response to this incident, a complaint has been filed, and the National Commission for Data Protection (CNIL) has been informed, in accordance with the General Data Protection Regulations (GDPR). The authorities hope to quickly find the authors of this attack, and the Caisse des Dépôts continues to closely monitor the situation in order to prevent other such incidents from happening. For users concerned, it is recommended to remain vigilant about any suspicious activity on their accounts and to strengthen their digital security practices.