French government unemployment aid agency reports Data breach, exposes 10 million individuals

Pôle emploi, the French governmental agency responsible for unemployment registration and financial aid has reported a data breach in which the data belonging to approximately 10 million individuals has been exposed. The breach of the third party provider is most probably caused by the MOVEit vulnerability.

The breach was linked to a compromise of the information system of one of its third party service providers and impacts individuals who registered as job seekers in or before February 2022, as well as former users of the job center. The exact number of affected individuals is not explicitly stated in the agency's announcement. However, it's reported by the newspaper "Le Parisien" that an estimated 10 million people are likely affected.

This estimate is based on the fact that around 6 million individuals had registered in Pôle emploi's 900 job centers by February 2022, and an additional 4 million had done so in the 12 months preceding the attack. The data of these latter individuals had not yet been removed from the agency's systems.

The compromised data primarily includes full names and social security numbers. Other information such as email addresses, phone numbers, passwords, and banking details have not been compromised in this data leak.

While the exposed data might have limited usefulness for cybercriminal activities, Pôle emploi is advising registered job seekers to exercise caution with regards to incoming communications. The agency has also established a dedicated phone support line to address concerns and queries from affected individuals.

Pôle emploi has reassured the public that its financial aid programs remain unaffected by this breach, and job seekers can confidently continue to access the agency's online employment portal using their passwords.