Personal data of 43 million French people stolen by cybercriminals

Teacher

The compromise could have been avoided if the affected organization had listened to the experts' recommendations in time.

As a result of a large-scale data security breach of France's largest employment agency, the personal information of more than 43 million citizens was compromised. The event affected about two-thirds of the country's population, raising concerns about the risks of fraud and identity theft.

On March 13, 2024, the employment agency France Travail, formerly known as Pôle emploi, reported that it was the victim of a data leak that exposed the personal data of registered users, including their names, social security numbers, dates of birth, email addresses, postal addresses, phone numbers and user IDs.

Following the discovery of the incident, the agency immediately notified the Commission nationale de l'informatique et des libertés (CNIL) and filed a complaint with the police, which led to the launch of a formal investigation. Preliminary results of this investigation showed that the attackers gained unauthorized access to the agency's systems on February 6, posing as one of the employees.

Although the agency emphasizes that bank information and account passwords were not stolen, CNIL cautions that attackers can use the available data to get missing information from other sources. In this regard, citizens should be more careful about potential phishing, fraud, and identity theft.

The commission also said that the data leak could have affected both current and past applicants over the past 20 years. All affected users, according to CNIL, will be notified individually. In addition, all victims can file a complaint with the Paris Prosecutor's Office to assist in the investigation.

The French cybersecurity community has criticized France Travail for security flaws, especially given that the agency has been storing users' data for 20 years with access from the network, and for its delay in notifying the relevant authorities about the hack.

Ethical hacker Olivier Laurelli, known online under the pseudonym Bluetouff, previously tried to warn France Travail about security flaws in their new web application, but received no response. After the leak, he posted a new tweet in which he said that he "had a good laugh" at what happened, since he had warned the company about the possible consequences.

This incident set a record for the number of victims in France, exceeding the Viamedis and Almerys data leak, which affected 33 million people and occurred around the same time as the France Travail leak, last February. It is possible that the same attackers are involved in both incidents.

The previous large-scale data leak at France Travail occurred in August last year and affected approximately 10 million people; it was blamed on the Clop ransomware group, which exploited a vulnerability in the MOVEit Transfer software. This time, however, there is no one to blame for the incident except France Travail itself.

Experts emphasize the need to take proactive cybersecurity measures to reduce the frequency of such incidents, including investing in security platforms that allow you to detect and respond to threats in real time.

This incident leaves France with the task of tightening regulations and improving cybersecurity practices, especially in companies that handle the sensitive data of large numbers of citizens.