Sensitive Data of 10m at Risk After French Employment Agency Breach


The French national employment agency, Pôle emploi, has been hit by a cyber-attack potentially exposing critical information of up to 10 million people.

Several security researchers have linked the breach to the Clop ransomware gang’s MOVEit campaign, which has impacted 977 organizations and almost 59 million individuals at the time of writing.

Anti-virus software company Emsisoft has already listed the attack as linked to MOVEit and estimated that the French agency is the second-largest victim of the supply chain attack.

Read more: MOVEit Exploitation Fallout Drives Record Ransomware Attacks

The incident is thought to have exposed the names, employment statuses and social security numbers of six million people who registered with the agency in February 2022 and four million who had been off the register for less than 12 months at the time of the cyber-attack.

In a public statement published on August 23, 2023, Pôle emploi confirmed “a breach in the information system of one of its service providers, involving a risk of disclosure of jobseekers’ personal data.”

Specifically, the IT systems of Majorel, one of the agency’s two digitization and jobseekers’ data processing contractors, have been compromised.

If verified, the French agency would not be the first organization to fall victim to the MOVEit hack via Majorel. In July, German insurer Barmer and Deutsche Bank told German media outlets that part of their information system had been compromised through Majorel Germany.

Pôle emploi said the security of its information system remains untouched and welfare payments will continue.

The agency also confirmed to the French newspaper Le Parisien that the breach does not affect jobseekers’ email addresses, phone numbers, passwords or bank details.

Investigations are underway at the organization’s premises to determine the origin of this event.

Pôle emploi filed a report with France’s data protection watchdog (CNIL) and said a complaint would be lodged with the judicial authorities.

A toll-free phone number has been set up to answer job seekers’ questions.



Source link