Heimdal
article featured image

Contents:

Pole emploi, the government’s unemployment registration and financial assistance office in France, announced a data breach.

The incident affected 10 million French citizens whose data were exposed.

Details About the Pole Emploi Data Breach

The agency disclosed a security event of one of its service providers affecting the Pole emploi’s data.

Pôle emploi became aware of the breach of the information system of one of its service providers involving a risk of disclosure of personal data of job seekers. Investigations are underway at the service provider to find out the origin of this event. The security of Pôle emploi’s information systems is not in question.

Pole-emploi.org (Source)

Investigations are still ongoing, and the governmental agency notified the national authorities.

Potentially impacted by this theft of personal data include former job center users and job seekers who registered in February 2022. Le Parisien reports that an estimated 10 million people will be affected.

The estimate is based on the fact that, as of February 2022, 6 million people had registered at one of Pôle emploi’s 900 job centers, and another 4 million had done so in the year before the attack, but their information hadn’t yet been erased from the organization’s servers.

The Financial Aid Programs Is Not Impacted

Job seekers are told to feel comfortable using their passwords to log into the online employment portal at “pole-employment.fr” as the agency assured that the incident does not affect its financial aid programs.

The Pole emploi data breach exposed full names and social security numbers, but email addresses, phone numbers, passwords, and banking data have not been leaked.

Although the disclosed data is of limited use in cyberattacks, Pôle emploi warns registered job seekers to exercise caution when opening future messages.

Pôle emploi says that all its teams are now engaged in securing the data of job seekers and will continue to implement additional protection measures and procedures to prevent similar incidents from reoccurring in the future.

BleepingComputer (Source)

The agency has also established a special phone support line to address any queries or worries that anyone who was exposed might have regarding the occurrence.

Part of the MOVEit Breach

The data leakage incident involves the security firm Emsisoft as the responsible service provider. On its MOVEit page, the organization mentioned Pole emploi.

Nevertheless, the extensive MOVEit data breach is orchestrated by the Clop ransomware gang, and they have not yet made the French agency’s information public on their data leak platform.

Previously, the threat actors had declared their intention not to disclose data obtained from government agency breaches, so this omission could be a result of that strategy.

MOVEit, a file transfer application owned by Progress Software, was exploited by the Clop hacking group in May 2023. Subsequently, this breach has had a significant impact, affecting 59.2 million compromised individuals and 988 organizations. Notably, among the affected parties, Pôle emploi holds the second-highest number of impacted individuals, trailing only behind Maximus, which exposed 11 million records.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube, for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE