Cyber Incident Victim: France Travail
Date:
Mar 2024
Location:
France
Summary
France Travail and Cap emploi experienced a cyberattack resulting in the exfiltration of personal data belonging to current and former job seekers, including individuals registered over the past two decades and those with candidate accounts on their platform. Compromised information encompassed names, birthdates, social security numbers, identifiers, email and postal addresses, and phone numbers, though passwords and financial details remained unaffected. The breach potentially impacted 43 million individuals. Authorities including the CNIL and ANSSI were notified, judicial complaints were filed, and a dedicated reporting portal was established for victims. The organization initiated direct communications with affected parties through personal accounts and email, alongside deploying a telephone support line. Enhanced security measures were implemented following the incident to bolster application access protections for partners.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 5 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 5, 2024, France Travail (formerly Pôle Emploi) and its regional employment service Cap emploi suffered a cyberattack resulting in the confirmed exfiltration of personal data belonging to job seekers. The attackers illicitly extracted a database containing identification details of individuals currently registered with France Travail, those registered within the preceding 20 years, and non-registered individuals who maintained candidate accounts on francetravail.fr. This breach potentially exposed the personal data of approximately 43 million people. Compromised data fields included full names, dates of birth, social security numbers, France Travail identifiers, email and postal addresses, and telephone numbers. The investigation confirmed that passwords and banking details were not accessed, eliminating risks to unemployment benefits disbursement. France Travail attributed the incident to an act of "cyber malveillance" but did not disclose technical details regarding the intrusion method, attacker identity, or initial detection circumstances.
France Travail initiated a coordinated response following the breach. The organization notified France’s National Commission on Informatics and Liberty (CNIL) under GDPR obligations and alerted the National Agency for the Security of Information Systems (ANSSI). Judicial authorities were engaged through a criminal complaint filed with the Paris Public Prosecutor’s Office, which assigned the case to the Cybercrime Brigade of the Paris Judicial Police Directorate. A simplified complaint portal was established at https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/violation-de-donnees-personnelles-france-travail-formulaire-lettre-plainte-202403 for affected individuals. France Travail committed to directly notifying all identified victims via personal account messaging or email, issuing apologies, and activating a dedicated phone support line (39 49) for assistance. The organization emphasized heightened phishing and identity theft risks to victims, reiterating that legitimate agencies never request passwords or banking details via unsolicited communication. Internal security enhancements were implemented across France Travail and Cap emploi systems to strengthen application access controls for partners, though specific technical measures were not disclosed.