France Travail

France Travail, also operating under the alias Cap emploi, functions as a French public employment service organization focused on supporting job seekers and facilitating workforce integration. Its core activities involve managing candidate accounts and personal data for individuals engaged with employment services, including current and former job seekers registered over extended periods. The organization provides digital platforms for job seekers and partners, exemplified by the Kairos training portal utilized by external organizations for vocational training coordination. While specific service descriptions beyond data management and portal access are not detailed in available sources, its operational scope encompasses handling sensitive personal identification information such as full names, birthdates, social security numbers, and contact details. This data stewardship aligns with its role in administering employment support programs and maintaining records for individuals interacting with France’s labor market services.

The organization’s scale is evidenced by the substantial reach of its data breaches, which collectively impacted tens of millions of individuals. A March 2024 cyberattack compromised records spanning two decades of registrations, affecting up to 43 million people, while a subsequent July 2024 incident exposed approximately 340,000 additional accounts. These incidents reflect France Travail’s extensive operational footprint in managing job seeker information nationally. The persistence of historical data within its systems—retaining records of individuals who interacted with services over prolonged periods—further underscores its role as a long-standing repository for employment-related personal data.

France Travail distinguishes itself through its structured response to cybersecurity challenges, implementing measures like accelerated two-factor authentication deployment and enhanced partner access controls following breaches. Its collaboration with regulatory bodies such as the CNIL (Commission Nationale de l'Informatique et des Libertés) and ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) demonstrates adherence to national data protection protocols. The establishment of dedicated victim reporting portals, telephone support lines, and direct communications with affected individuals highlights its institutionalized approach to incident management. While financial data and passwords reportedly remained secure in both breaches, the recurring compromise of identity-related information emphasizes the organization’s handling of high-sensitivity personal data as a core function. No explicit details regarding ownership structure or subsidiary relationships are available in the provided sources.