Cyber Incident Victim: Caisse des Dépôts

Date: Jan 2025

Location: France

Summary

A cybersecurity incident at Caisse des Dépôts involved the fraudulent use of login credentials from public employers to illegitimately access personal data of approximately 70,000 individuals affiliated with the Ircantec pension scheme, including 1,000 elected officials, public sector contract workers, and hospital practitioners. The breach occurred through a platform managed by the institution for public employers to fulfill pension obligations. Unauthorized access to personal data prompted immediate security enhancements, including blocking fraudulent connections, strengthening account creation controls, and verifying the absence of irregular activities in affected accounts. All impacted individuals were notified via email or postal mail, while partners were alerted to adjust monitoring systems for abnormal data processing activities.

Description

On February 12, 2025, Caisse des Dépôts disclosed a data breach impacting 70,000 individuals affiliated with the Ircantec pension scheme, including 1,000 elected officials. The incident involved unauthorized access to personal data through compromised login credentials belonging to public sector employers using the institution's pension management platform. Attackers exploited these credentials to illegitimately access the system, targeting state, territorial, and hospital public service contract workers, local elected officials, and hospital practitioners. The platform, managed by Caisse des Dépôts, facilitates retirement-related obligations for public employers including the state, local authorities, and healthcare institutions. The breach specifically exposed personal data of Ircantec affiliates but did not compromise financial or transactional systems. Caisse des Dépôts identified the fraudulent activity through unauthorized logins, though the exact timeframe of the intrusion was not publicly specified.

Upon detection, Caisse des Dépôts implemented immediate containment measures, blocking the fraudulent connections and reinforcing authentication controls for account creation on the platform. The institution notified all affected individuals via email or postal mail, detailing the breach and advising on remedial steps. IT security enhancements were deployed across systems, with additional verification protocols established to monitor for irregular activities within personal account spaces managed by the organization. Partners of Caisse des Dépôts received alerts to adjust their own data processing alert systems for anomalous activities. The breach did not result in disclosed financial fraud or identity theft incidents at the time of reporting, though the exposure of personal data created potential risks for targeted phishing or social engineering attacks against victims. No ransomware deployment or data extortion demands were referenced in the disclosure.
