Millions of users may have had their data leaked following a new security breach by the French government agency
A French government agency suffered a cyberattack that apparently resulted in the country’s largest ever data breach incident, affecting as many as 43 million victims.
The agency is called France Travail, the country’s unemployment registration and aid agency, which helps the unemployed find jobs and provides them with financial assistance. The organization was founded in 2008, after the merger of ANPE and ASSEDIC, and currently has approximately 45,000 employees.
In a press release published earlier this week, the organization said it had fallen victim to a cyber attack in which sensitive data collected over the past twenty years was stolen. It warned citizens to be wary of possible identity theft attacks, phishing attempts and similar cyber attacks.
Motives unknown
BleepingComputer says an estimated 43 million people have been affected, making this the largest data breach incident in the country’s history, surpassing February’s 33 million attack on Viamedis and Almerys. The data stolen in this attack included people’s full names, dates of birth, places of birth, social security numbers, France Travail identifiers, email addresses, postal addresses and telephone numbers. Financial or payment information has not been stolen, but added.
The attack was spotted in early March and lasted almost a month, the agency confirmed. In addition to unemployed people, the hackers also stole data from applicants.
France Travail did not say who the threat actors behind the incident are, or what their objectives were. So we don’t know if this was a ransomware attack or just data collection. No hacker collectives have yet taken responsibility for the attack.
This is not the first time that France Travail has suffered a devastating cyber attack that has led to data breaches. Last August, hackers managed to obtain sensitive information about 10 million people. That attack was attributed to the Cl0p ransomware collective, which took advantage of the MOVEit Transfer software vulnerability to compromise the system.