France Travail Breach Compromises Data of Millions

In a significant breach of data security, the largest employment agency in France, France Travail—formerly known as Pole Emploi—compromised the personal information of over 43 million citizens. This incident affected approximately two-thirds of the country’s population, raising concerns about the risks of fraud and identity theft.

On March 13, 2024, France Travail reported falling victim to a data leak that exposed the personal details of registered users, including their names, social security numbers, birth dates, email addresses, postal addresses, phone numbers, and user identifiers.

Upon detecting the incident, the agency promptly notified the French National Commission on Informatics and Liberty (CNIL) and filed a police complaint, initiating an official investigation. Preliminary findings revealed that perpetrators gained unauthorized access to the agency’s systems on February 6th by impersonating an employee.

While the agency emphasized that banking information and account passwords were not stolen, CNIL warned that criminals might use the disclosed data to gather additional information from other sources. As such, citizens are advised to remain vigilant against potential phishing, fraud, and identity theft.

The commission also revealed that the data breach could affect both current and former job seekers from the past 20 years. According to CNIL, all affected users will be individually notified. Moreover, all victims are encouraged to file a complaint with the Paris prosecutor’s office to assist in the investigation.

The French cybersecurity community criticized France Travail for its security shortcomings, especially given the agency’s 20-year data storage with network access and its delayed notification to the relevant authorities about the breach.

Ethical hacker Olivier Laurelli, known online as Bluetouff, had previously attempted to warn France Travail about security flaws in their new web application without receiving any response. Following the leak, he tweeted that he “had a good laugh” over the incident, having forewarned the company about potential consequences.

This incident has become the most significant in terms of the number of victims in France, surpassing the Viamedis and Almerys data breach, which affected 33 million people around the same time as the France Travail leak in February. It is possible that the same perpetrators were involved in both incidents.

A previous large-scale data leak at France Travail occurred in August of the preceding year, impacting approximately 10 million people, for which the Clop ransomware group was blamed, exploiting a vulnerability in the MOVEit Transfer software. However, France Travail itself is the only party to blame for the current incident.

Experts emphasize the necessity of adopting proactive cybersecurity measures to reduce the frequency of such incidents, including investing in security platforms that can detect and respond to threats in real-time.

This incident poses a challenge for France to tighten regulations and improve cybersecurity practices, especially among companies handling the sensitive data of a large number of citizens.