In a startling revelation, the French agency Pôle Emploi has suffered a major data breach, impacting a staggering 10 million individuals. The breach has exposed sensitive information, raising concerns about privacy and cybersecurity.
Pôle emploi, the French government agency that handles unemployment registration and financial aid, announced a data breach exposing information of 10 million people.
The agency became aware of a breach in the information system of one of its service providers. This breach has raised concerns about potentially revealing personal data of individuals seeking employment. The press release explains that individuals who registered as job seekers in February 2022 and former users of the job center might have their personal data compromised.
Although the agency’s statement doesn’t specify the exact number of affected individuals, a Le Parisien report suggests an estimated impact on about 10 million people.
This information stems from the fact that as of February 2022, approximately 6 million individuals had registered themselves at one of Pôle emploi’s 900 job centers. Furthermore, in the year leading up to the breach, an additional 4 million individuals had undergone registration. Nevertheless, their data had not been taken off from the agency’s systems at that point.
Financial Aid Programs Remain Intact
The leaked information includes full names and social security numbers, excluding email addresses, phone numbers, passwords, and banking data.
Though the exposed data has limited value for cybercrime, registered job seekers are advised by Pôle emploi to be cautious of incoming communications.
The agency has established a dedicated phone support line for queries from those affected by the breach.
Pôle emploi’s teams are actively securing job seekers’ data and reinforcing protection measures to prevent future incidents.
Financial aid programs remain unaffected, and job seekers can confidently access the online portal “pole-emploi.fr” using their passwords.
MOVEit breach
Regarding the responsible service provider for the data leak, Emsisoft’s MOVEit page mentions Pôle emploi. Emsisoft confirms the impact on 10 million individuals.
However, the Clop ransomware group, behind the MOVEit hacking campaign, hasn’t listed the French agency on its extortion site. These threat actors had stated they wouldn’t disclose government agency breach info, causing uncertainty about this omission.
Pôle emploi ranks second in affected individuals, with 11 million exposed in Maximus’ case. The MOVEit attack campaign now totals 59.2 million compromised individuals and 988 organizations.
Related stories:
