43 million workers potentially affected in France Travail data breach

French national unemployment agency France Travail (formerly Pôle emploi) and Cap emploi, a government employment service for people with disabilities, have suffered a data breach that might have exposed personal data of 43 million people.

The breach

The agencies announced on Wednesday that an intrusion exposed data of jobseekers registered in the last 20 years, as well as those with a candidate profile on the sites.

According to Cybermalveillance – a government platform for reporting cybercrime – the cyberattack was carried out between February 6 and March 5, 2024.

The attackers managed to steal personal data, including:

• Full name
• Date and place of birth
• Social security number (NIR)
• France Travail identifier
• Email address
• Postal address
• Telephone number

The French news outlet Le Figaro reported that the attackers impersonated Cap emploi advisors to break into the system.

France Travail noted that passwords and banking details are not affected, but advises users to stay vigilant to possible phishing attempts, fraud or identity theft.

Affected users will be informed about the incident via email or through their personal profile on the site. They can also file a complaint with the Paris prosecutor’s office, which opened a preliminary investigation.

Not the first time

This is not France Travail’s first data breach.

Last August, the agency suffered a data breach that affected approximately 10 million people.

The incident was a result of its service provider falling victim to the MOVEit Transfer hack, attributed to the Cl0p ransomware group.