Cyber Incident Victim: Cap emploi 57
Date:
Mar 2024
Location:
France
Summary
France Travail and Cap emploi experienced a cyberattack compromising personal data of job seekers, including full names, birthdates, social security numbers, France Travail identifiers, contact details, and email addresses, though financial credentials and passwords remained unaffected. The breach potentially exposed information of approximately 43 million individuals, encompassing current and former registrants over two decades as well as non-registered users with candidate accounts on the organization's platform. Authorities including CNIL and ANSSI were notified, judicial complaints filed, and a dedicated reporting portal established for affected individuals while internal security measures were reinforced post-intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 5, 2024, France Travail and Cap emploi 57 publicly disclosed a significant cyberattack resulting in the illicit extraction of personal data belonging to job seekers. The breach exposed identification details including full names, dates of birth, social security numbers, France Travail identifiers, email and postal addresses, and phone numbers. Investigative findings confirmed that passwords and banking information remained uncompromised, eliminating risks related to unemployment benefit payments. The stolen database contained records of currently registered individuals, those registered within the past two decades, and non-registered persons with candidate accounts on francetravail.fr, potentially affecting 43 million people. Authorities attributed the data exfiltration to malicious cyber activity, though the specific intrusion methods or threat actors remained unspecified in initial disclosures.
France Travail and Cap emploi 57 initiated multiple response measures following the breach discovery. They notified France’s National Commission on Informatics and Liberty (CNIL) and the National Agency for the Security of Information Systems (ANSSI) under GDPR obligations, while simultaneously filing a judicial complaint with Paris prosecutors. The Paris Public Prosecutor’s Office opened a preliminary investigation delegated to the Cybercrime Brigade of the Paris Judicial Police, which established a simplified complaint portal for victims through cybermalveillance.gouv.fr. Affected individuals received advisories about heightened phishing and identity theft risks, with emphatic warnings against sharing passwords or banking details via unsolicited communications. The organizations committed to direct notifications through personal accounts and emails, accompanied by apologies, and activated a dedicated phone support line (39 49) for assistance. France Travail’s press service confirmed ongoing efforts to strengthen application access security with Cap emploi’s network partners following the intrusion, emphasizing continuous improvements to cybersecurity protocols amid escalating threats to European organizations.