Data Breach Exposes Personal Information of 10 Million Individuals in France
The French governmental unemployment registration and financial aid agency, Pôle emploi, has reported a data breach that has resulted in the exposure of personal data belonging to 10 million individuals.
“Pôle emploi became aware of a security breach in the information system of one of its service providers, which posed a risk of disclosing personal data of job seekers,” states the official press release.
“Job seekers registered in February 2022, as well as former users of the job center, may have been affected by this theft of personal data.”
Although the exact number of affected individuals has not been disclosed by the agency, Le Parisien estimates that around 10 million people may have been impacted.
This estimation is based on the fact that 6 million individuals had registered in one of Pôle emploi’s 900 job centers by February 2022, and an additional 4 million had done so in the previous 12 months leading up to the attack. However, their data had not yet been deleted from the agency’s systems.
Financial Aid Programs Remain Unaffected
The exposed information includes full names and social security numbers. However, email addresses, phone numbers, passwords, and banking data have not been affected by this data breach.
Pôle emploi advises registered job seekers to exercise caution when receiving communications and to be vigilant against potential cybercrime operations.
In response to the incident, the agency has set up a dedicated phone support line to address any questions and concerns from affected individuals.
Pôle emploi reassures job seekers that all necessary measures are being taken to secure their data, and additional protection measures and procedures will be implemented to prevent similar incidents in the future.
The agency emphasizes that its financial aid programs remain unaffected, and job seekers can confidently access the online employment portal at “pole-emploi.fr” using their passwords.
The service provider responsible for the data leak, as listed by security firm Emsisoft on its MOVEit page, is Pôle emploi. The cybersecurity company also confirms that 10 million individuals have been impacted.
However, the Clop ransomware gang, which carried out the massive MOVEit hacking spree, has not yet included the French agency on its extortion site.
Previously, the threat actors stated that they would not expose information obtained from breaches in government agencies. Therefore, it remains uncertain if the omission is a deliberate tactic.
Pôle emploi ranks second in terms of the number of affected individuals, surpassed only by Maximus with 11 million exposures. The overall tally of the MOVEit attack campaign now stands at 59.2 million compromised individuals and 988 organizations.