Thousands of citizens received a worrying email informing them that their personal information had been stolen during a hack of the Universal National Service website. A phishing campaign could follow.
Be careful if you are registered with the Universal National Service (SNU). The program, originally supported by former Prime Minister Édouard Philippe, has recently been the victim of a “malicious act”. This Monday, December 4, volunteers, mainly aged 15 to 17, received a very worrying message in their mailbox. The latter notably mentioned that the SNU platform had been hacked. Cybercriminals thus recovered the personal data of several thousand participants and their parents.“Personal data about you has been stolen and may be disclosed.”indicated the organization in the email sent to volunteers.
SNU hacking: data that can be used for targeted phishing
In its message, the Universal National Service indicates that the theft of data allowed hackers to recover the surname, first name, email address, postal address and date of birth of the volunteers. The parents’ compromised data is the same, except for their date of birth. Fortunately, other sensitive information did not fall into the hands of cybercriminals. “On the other hand, the usernames and passwords were not stolen”indicated Prisca Thevenot, Secretary of State for Youth and Universal National Service of France during an exchange with Actu.fr. According to the politician, this computer hack affected “62,500 accounts of young people registered in the SNU courses and 87,000 accounts of parents”or 150,000 people in total.
After this hacking, the public prosecutor was asked to carry out an investigation. This malicious act was also transmitted to the National Commission for Information Technology and Liberties (CNIL). For the moment, no information regarding the investigation has been released by National Education. It is still unclear whether this is a flaw in the security systems or even an internal error. Despite everything, volunteers and their loved ones are encouraged to be extra vigilant. After such an event, phishing attempts can indeed multiply. Using this data, hackers can attempt to send particularly convincing spoofed emails. We therefore recommend that you be very careful if you receive suspicious emails or letters in the coming days or even weeks.