Cyber Incident Victim: Cap emploi
Date:
Mar 2024
Location:
France
Summary
France Travail and Cap emploi were victims of a cyberattack that resulted in the illicit extraction of personal identification data including names, dates of birth, social security numbers, France Travail identifiers, email and postal addresses and phone numbers; passwords and banking details were not compromised. The exposed data pertains to current and former job seekers registered over the past twenty years as well as individuals with a candidate space on the francetravail.fr platform, potentially affecting millions of people. In line with GDPR obligations, the organizations notified the CNIL, informed ANSSI and filed a complaint with judicial authorities. A preliminary investigation was opened by the Paris Public Prosecutor’s Office and assigned to the Paris Judicial Police’s Cybercrime Brigade, which established a simplified complaint portal for affected individuals. The entities pledged to inform those impacted via personal spaces or email and to provide a dedicated telephone information service.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 5 2024, France Travail and Cap emploi disclosed that they had been victims of a cyberattack. The attack resulted in the illicit extraction of a database containing personal data of job seekers. The exposed data include first and last name, date of birth, social security number, France Travail identifier, email and postal addresses, and telephone numbers. Passwords and bank details were not compromised according to the investigations. The database encompasses information of persons currently registered, persons previously registered over the last twenty years, and persons who are not on the job seekers list but hold a candidate space on francetravail.fr, potentially affecting up to forty‑three million individuals.

In line with its GDPR obligations, France Travail notified the Commission Nationale de l’Informatique et des Libertés and informed the Agence nationale de sécurité des systèmes d’information. A complaint was filed with the judicial authorities, prompting the opening of a preliminary investigation by the Paris Prosecutor’s Office. The investigation was entrusted to the Brigade de Lutte Contre la Cybercriminalité de la Direction de la Police Judiciaire de Paris. This brigade established a simplified complaint procedure for affected persons, accessible via a dedicated online form. The procedure allows individuals to submit statements regarding the data breach.
France Travail stated that it will inform, via personal accounts or email, all persons identified in the breach and will present its apologies to them. A dedicated information service will be made available through the telephone platform 39 49 to assist those who require assistance. Press contacts were provided: Jennifer Reglain at 07 77 28 15 46, [email protected], and Marion Fonteny at 06 25 05 39 18, [email protected]. Following the confirmation of the intrusion, complementary security measures were implemented with the Cap emploi network to strengthen the protection of access to the organization's applications by partners. No further details about the attack vector or perpetrators were disclosed in the sources.
