Hackers steal personal data of 43 million French job seekers

French flag pictured on top of a government building against a clear sky backdrop.
(Image credit: Getty Images)

The personal data of more than half of France's population has been stolen in a cyber attack on two employment agencies.

According to France Travail and Cap Emploi, exposed data includes the first and last names, dates of birth, social security numbers, employment agency identifiers, email and postal addresses, and telephone numbers of 43 million people.

Passwords and banking details are not believed to have been affected by the breach, authorities noted.

"Personal information concerning job seekers currently registered with France Travail, people previously registered over the last 20 years as well as people not registered on the list of applicants employment but having a candidate space on francetravail.fr is likely to be disclosed and exploited illegally," France Travail confirmed in a statement.

Both agencies said they have notified the National Commission on Information Technology and Freedoms (CNIL), the National Agency for the Security of Information Systems (ANSSI) and the judicial authorities.

"The security of data entrusted to us by job seekers and businesses is a constant concern for us. In view of the threat of cyber attacks which is increasingly affecting businesses and organisations at national and European level, we must continuously strengthen our protection arrangements, procedures and guidelines," Cap Emploi said.

The attack hasn't yet been claimed, nor the data leaked. An initial investigation suggests the attackers are believed to have gained access in early February by impersonating a Cap Emploi civil service officer.

Dr Ilia Kolochenko, CEO at ImmuniWeb and adjunct professor of cyber security at Capital Technology University, said the timeframe of the breach is a particular point of concern, with the intrusion reportedly lasting around a month.

“Exfiltration of 43 million records is a quite 'noisy' event that should have normally been detected much faster," Kolochenko said.


"While other technical details of the data breach remain unknown for the time being, it is perfectly conceivable that hackers could stealthily stay inside for the entire month, compromising and backdooring other internal systems with more sensitive data.

“Even if the currently disclosed scope of the data breach is eventually confirmed, the already compromised data can – and quite probably will – be exploited in spear phishing, account takeover and other cyberattacks against the concerned individuals."

CNIL is warning those affected to remain vigilant over the potential threat of phishing attacks, and has advised at-risk individuals to avoid opening suspect email attachments or sharing passwords and banking details.

The attackers could, the agency warned, combine data with other data stolen in previous breaches for the purposes of identity fraud.

French public services have faced a major escalation in cyber attacks in recent months, authorities have warned. Earlier this week, sources from the French prime minister’s office told AFP the country has been subjected to attacks of “unprecedented intensity”.

The comments came in the wake of a series of attacks on French government departments which prompted authorities to activate a ‘crisis unit’ to deal with the incident.

In February, two French healthcare services firms fell victim to data breaches which affected around 33 million people.

Viamedis and Almerys said the stolen data included marital status, date of birth, social security number, the name of the customer's health insurer and the guarantees of their contract. 

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.