A major data breach at France’s national unemployment agency, France Travail (formerly Pôle Emploi), has potentially compromised the personal information of up to 43 million people, according to a statement released by the agency on Wednesday.

The cyberattack, which occurred between February 6 and March 5, 2024, as reported by the French cybercrime prevention initiative Cybermalveillance, may have resulted in the theft of sensitive data including names, dates of birth, social security numbers (NIR), France Travail identifiers, email and postal addresses, and phone numbers. It’s important to note that passwords and financial information were not compromised in this incident.

The exposed data encompasses individuals currently registered with France Travail for job search assistance, those who registered in the past 20 years, and even people who simply created an account on the agency’s website. France Travail is currently notifying all potentially affected individuals and urging them to remain vigilant against any suspicious activity that might exploit the stolen data.

The perpetrators behind the attack remain unidentified, with no known cybercrime group claiming responsibility. This is unfortunately not the first data breach for France Travail. In August 2023, the agency disclosed a separate incident that exposed the personal information of approximately 10 million people.

This large-scale data breach follows another concerning incident in February 2024, where France’s data protection agency (CNIL) launched an investigation into breaches at Viamedis and Almerys, both involved in managing third-party healthcare payments. Those breaches are estimated to have impacted a staggering 33 million individuals, nearly half of France’s population.

The French government has recently acknowledged a surge in cyberattacks targeting various government services, describing them as “unprecedented in intensity.”

Recommendations for Affected Individuals

While the specifics of the attack remain under investigation, here are some recommended steps for individuals who may have been impacted:

• Be wary of phishing attempts: Criminals might use the stolen data to launch targeted phishing scams. Remain cautious of emails, phone calls, or text messages requesting personal information or urging you to click on suspicious links.
• Monitor your credit report: Regularly check your credit report for any unauthorized activity. Early detection can help minimize potential financial damage.
• Strengthen your passwords: Use strong, unique passwords for all your online accounts, and consider enabling multi-factor authentication (MFA) for added security. 
• Report Suspicious Activity: If you suspect any fraudulent activity related to the data breach, such as unauthorized charges on your accounts or attempts to access your personal information, report it immediately to France Travail and the relevant authorities. This will help them track the scope of the attack and potentially identify the perpetrators. You can find reporting instructions on the France Travail website or by contacting their helpline. 
  
• Consider a Credit Freeze or Fraud Alert: While not mandatory, placing a credit freeze or fraud alert on your credit report can provide an extra layer of protection. A credit freeze restricts access to your credit report, making it more difficult for criminals to open new accounts in your name. A fraud alert, on the other hand, requires creditors to contact you for verification before approving any new lines of credit. Be aware that there may be fees associated with placing a freeze or alert, and the process for requesting and removing them varies depending on the credit bureau. You can find more information about credit freezes and fraud alerts on the website of the French National Commission for Information Technology and Liberties (CNIL) 

France Travail is likely to release further information as the investigation progresses. This data breach serves as a stark reminder of the importance of cybersecurity measures and vigilance in protecting personal information.