Date: Jan 2024

Location: France

Summary

The Caisse nationale d'assurance vieillesse (Cnav) experienced a data breach impacting its PPAS online portal, which manages billing for social service providers supporting retirees. Unauthorized access via impersonated provider accounts compromised personal data (including addresses, social security numbers, and approximate income) of approximately 370,000 beneficiaries; the records were primarily outdated, and some belonged to deceased individuals. No banking, retirement, career, or payment details were accessed. The portal was immediately disabled following detection; technical teams identified the cause, and efforts are underway to restore services. The incident was reported to France's data protection authority (CNIL), affected individuals will be notified, and a legal complaint is planned. The organization apologized and reiterated its commitment to enhancing cybersecurity measures amid rising identity theft risks.

Description

On September 13, the PPAS (Portail Partenaires de l’Action sociale) online portal, hosted by Caisse nationale d’assurance vieillesse (Cnav), experienced a data breach resulting from compromised accounts of social action providers. The portal, designed to manage billing for service providers handling social programs for retirees, was immediately taken offline following the detection of unauthorized access. Cnav's technical teams mobilized rapidly to investigate the incident, identifying account impersonation as the attack vector. Personal data of approximately 370,000 beneficiaries was exposed, including addresses, social security numbers, and approximate income figures. The compromised information primarily consisted of outdated records, with some belonging to deceased individuals. No banking details, retirement payment data, career history, or benefit disbursement records were accessed. Cnav confirmed the breach stemmed from external actors exploiting provider accounts rather than a direct infiltration of Cnav's core systems.

Cnav suspended all PPAS portal operations upon discovery and filed a mandatory breach notification with France’s data protection authority (CNIL). The organization committed to directly informing affected individuals and announced plans to file a legal complaint regarding the incident. Public apologies were issued to those impacted, alongside assurances of ongoing efforts to strengthen cybersecurity protocols across its networks. Cnav emphasized data security as an absolute priority but warned beneficiaries about heightened risks of identity theft due to widespread dark web circulation of personal information. The breach exclusively targeted the PPAS platform, leaving Cnav’s primary retirement management systems and financial data repositories unaffected. Restoration efforts for the portal were underway at the time of the disclosure, though no timeline for reactivation was provided.
