Adrian Johnson
TLDR:
French unemployment agency data breach may have exposed 43 million records over a span of 20 years, including social security numbers and contact information. The breach was confirmed on March 13 and involved both the national unemployment agency and a government service for people with disabilities. The breach was reportedly caused by a social engineering attack and raises questions about the agency’s handling of personal information.
Full Article:
A data breach at France’s national unemployment agency, potentially impacting 43 million users over 20 years, was confirmed on March 13. The breach included names, social security numbers, dates of birth, user IDs, email and postal addresses, and phone numbers. It did not expose passwords or banking information, but users were warned to be cautious of phishing attempts.
The breach was caused by a social engineering attack in early February, carried out by pretending to be a government service officer. The breach raises concerns about the agency’s security practices, with criticisms of the slow response to the attack and questions about staff access to customer records and data retention policies.
The agency was previously breached in 2023, exposing 10 million records, leading to further scrutiny of its security measures. French authorities are investigating the breach, with potential GDPR violations being looked into.
Experts warn of the risks posed by the breach, with the stolen data potentially being used in cyberattacks such as spear phishing and account takeovers. Individuals impacted by the breach are advised to stay vigilant for suspicious communications.
