France Work announced Wednesday, July 23, that it was the target of a cyber attack, with a risk of disclosure of personal data potentially affecting 340,000 job seekers, which triggered the opening of a criminal investigation.
Confirming information from BFMTV, the public operator (ex-Pôle Emploi) indicates that he was informed on July 12 “Of malicious action” on one of its services. “The data of 340,000 job seekers have been consulted and would therefore be likely to be disclosed and exploited illegally”continues France Work.
These personal data are the “Names and first names, Date of birth, Identifier France Work, Mail and postal addresses and telephone numbers”passwords and bank details not being concerned.
“There is therefore no risk on compensation or the use of banking data for theft of funds on the accounts of the persons concerned”ensures the organization.
A cyber attack already in 2024
“A first notification to the CNIL was made, a complaint with the judicial authorities was filed. In accordance with our obligations in such cases, the persons concerned have been informed ”continues the press release. The Paris prosecutor’s office said that its cybercrime -fighting section has entrusted this survey for damage to an automated data processing system in the cybercrime (BL2C) brigade.
France Work had already been the target of a massive cyber attack at the beginning of 2024, with a risk of disclosure of personal data concerning 43 million people. The operation had started with a “Identity usurpation of Cap Emploi advisers”.
This time, the service concerned was ” quickly “ identified as “The KAIROS application allowing training organizations to act on monitoring job seekers’ training” and was “Immediately closed”According to the France Work press release.
The origin of the abnormal activity emanates from an account “Of a training organization based in Isère” was “Compromise by an infostealer, malicious software that captures authentication information”.
