French government agency leaks personal information of 10 million people

The Bleeping Computer website has revealed that Pôle emploi, the French government's unemployment registration and financial assistance agency, has reported a data breach that compromised the personal information of 10 million people.

In a press release, Pôle emploi claimed that a cyber breach of one of its suppliers' information systems may have compromised the personal data of job seekers, affecting mainly job seekers registered in February 2022 and former users of job centers.

Although Pôle emploi did not specify the exact number of people affected by the incident, Le Parisien reported that the number of people affected was estimated at 10 million. This is based on the fact that as of February 2022, 6 million people had registered with Pôle emploi's 900 job centers, and another 4 million had registered in the 12 months prior to the attack, and none of these people's data had been deleted from the agency's systems.

Funding programs unaffected by data breach

People's information that was compromised included full names and Social Security numbers, but email addresses, phone numbers, passwords, and banking data were not affected by the data breach. Despite the limited "usefulness" of the compromised data for cybercrime, Pôle emploi is advising registered job seekers to be cautious about the information they receive, and the organization has set up a dedicated telephone support line to address any questions or concerns people may have about the breach.

Pôle emploi promises that its internal team is currently working to ensure the security of job seekers' data and will continue to implement additional protections and procedures to prevent a recurrence. The agency has also stated that this data breach will not affect its financial assistance programs and that job seekers can visit the "pole-employment.fr" online employment portal with confidence.

MOVEit Vulnerability

Security firm Emsisoft listed Pôle emploi on its MOVEit page and confirmed that 10 million people were affected by the data breach. However, the Clop ransomware group, which carried out the massive MOVEit cyberattack, has not yet published the French organization Pôle emploi on its ransom site.

Pôle emploi is said to be second in terms of the number of people affected, behind Maximus with 11 million people exposed, and the MOVEit campaign has reached 59.2 million people affected, involving 988 organizations.