Cyber Incident Victim: Caisse des Dépôts
Date: Oct 2025
Location: France
Summary
The Caisse des Dépôts disclosed that personal data of about 70 000 individuals, including roughly 1 000 elected officials, were accessed without authorization after attackers used compromised login credentials to enter a platform that public employers use to fulfill retirement‑regime obligations. The compromised credentials allowed illegitimate retrieval of information from affiliates of the Ircantec retirement scheme. The organization notified the affected persons by mail or email, blocked the fraudulent connections, strengthened account‑creation controls, enhanced overall system security, added checks for irregular activity in personal spaces, and informed its partners so they could adjust their own monitoring.
Description
On Wednesday 12 February 2025 the Caisse des dépôts learned that personal data had been compromised through the fraudulent use of login identifiers belonging to several public employers. The breach affected a total of 70 000 individuals, of whom 1 000 were elected officials. All of the affected persons are affiliated with Ircantec, the retirement scheme managed by the Caisse des dépôts for contractual agents of the State, territorial and hospital public service, local elected officials and hospital practitioners.

The attackers obtained the login credentials for the platform that the Caisse des dépôts provides to public employers (including the State, local authorities and health establishments) to enable them to fulfil their obligations toward the retirement regimes overseen by the institution. Using these credentials, the intruders gained illegitimate access to personal data of certain Ircantec affiliates. The Caisse des dépôts confirmed that the compromised data consisted of personal information linked to the retirement records of those affiliates. The organization stated that it had promptly notified the concerned individuals by email or postal mail. In addition, the Caisse des dépôts indicated that it had taken the measures necessary to remedy the data breach and to limit any negative consequences for the affected affiliates.

To contain the incident, the fraudulent connections that had enabled the illegitimate accesses were blocked. Control over account creation on the platform was strengthened to prevent further unauthorized entry. The security of the information system was reinforced more broadly, and as a precautionary measure, checks were instituted to verify the absence of any irregular activity originating from the personal spaces of affiliates managed by the Caisse des dépôts. All partners of the Caisse des dépôts group were informed so that they could implement or adjust their own alert systems to detect abnormal activity in their data processing environments. These actions were described by the organization as the steps taken to address the violation and to mitigate its impact on the individuals whose data had been exposed.
