Following the cyberattack against France Travail, the personal data of more than 43 million job seekers were “potentially” stolen. One more attack in a particularly tense digital context…
The current context is particularly electric for French companies and organizations! With the Olympic Games fast approaching, the country is facing a surge in cyberattacks. Whether hospitals, banks, operators or public institutions, absolutely no one is spared! While hackers have already seized some of the personal data of Sidaction donors, LDLC, a French group specializing in the sale of computer equipment online, faced a massive leak and Social Security saw the numbers of 33 million of its customers revealed, a group of pro-Russian hackers attacked several state IT services a few days ago. And that’s without counting the attacks against CAF, EDF and Crédit Agricole! In short, the atmosphere is particularly tense!
And it’s not getting any better! France Travail (formerly Pôle Emploi) has just announced that it has suffered a cyberattack targeting “potentially” 43 million people. Just that ! “Following a cyberattack of which we were victims with Cap emploi, personal information concerning you may be disclosed. Your banking information is not affected. We are sorry for this incident and we invite you to remain vigilant”, can we read on its website.
Hacking France Travail: one more cyberattack
The attack took place between February 6 and March 5 – a broad month-long period – but was not detected until this week. Personal information “people previously registered over the last twenty years as well as people not registered on the list of job seekers, but having a candidate space on francetravail.fr are likely to be disclosed and exploited illegally”, explains the job search agency. The first and last names, social security numbers, dates of birth, France Travail identifiers, email and postal addresses, and telephone numbers were stolen. However, the passwords and banking details were not leaked.
A preliminary investigation was opened by the Paris Prosecutor’s Office and entrusted to the Cybercrime Brigade of the Paris Judicial Police Department, which set up a simplified complaints system for those affected. In accordance with the law, France Travail filed a complaint and notified the National Commission for Information Technology and Liberties (CNIL). All people affected by the cyberattack will of course be contacted. Support is also available through the 39 49 telephone platform to assist those who have questions on this subject.
For her part, the president of the CNIL, Marie-Laure Denis, decided “to carry out investigations very quickly in order to determine in particular whether the security measures implemented prior to the incident and in response to it were appropriate with regard to the obligations of the General Data Protection Regulation (GDPR)”. If you are a person concerned, the Commission advises you:
- to be particularly vigilant regarding messages (SMS, emails) that you may receive, particularly if they invite you to carry out an emergency action, such as a payment;
- never communicate your passwords or banking details by email;
- not to open attachments if in doubt and not to click on links contained in messages that invite you to connect to a personal space;
- to periodically check the activities and movements on your various accounts;
- to go to the site cybermalveillance.gouv.fr for advice on how to protect yourself from actions aimed at stealing your identity;
- to ensure that you use sufficiently strong passwords for your email, bank accounts and other important services (taxes, e-commerce sites, etc.).
This is not the first time that Pôle emploi has been the victim of a data leak. Already in June 2021, the site had been stripped of 1.2 million personal data concerning no less than 120,000 people. Worse, last summer, a cyberattack against one of Pôle emploi’s service providers resulted in the sale of the personal data of more than 10 million job seekers (see our article).