The French job seeker agency Pôle Emploi has been hit by a data leak in which the data of 10 million French people is now publicly available.
According to Pôle Emploi, the data in question is the personal information of job seekers who registered in February of 2022. Former job seekers may also have been affected. More specifically, this involves the full names of job seekers and their ID numbers.
Data such as e-mail addresses, phone numbers, bank details and passwords were not captured. As a result, according to the government organization, the leaked data has little value for misuse by cybercriminals.
Cause in MOVEit attack
The cause of the data leak may be due to a ransomware attack via a vulnerability in Progress Software’s file transfer platform MOVEit. For this, hackers from the Clop ransomware gang are said to be responsible.
Pôle emploi is now listed by security company Emsisoft as one of the companies affected by this particular ransomware attack, including the figure of 10 million affected.
Numbers affected
The French government organization itself does not provide the number of those affected. The 10 million is based on research by French newspaper Le Parisien. According to this newspaper, about 6 million job seekers would have registered with one of Pôle Emploi’s 900 job centers in the month of February 2022. Four million did so in the 12 months before the attack, and their personal data would not yet have been removed from the government organization’s systems.
Pôle Emploi is now taking additional security measures. The French agency insists that the breach has no financial impact on potential victims and that they can use online services normally.
Also read: MOVEit attack hits 200+ organisations, but its impact is often unclear
1 day ago
