Bleeping computer is reporting that a French unemployment service has been breached recently.
This French unemployment service has not had good luck, seeing that the first go round was with 10 million people as part of the Klop Ransomware group’s breach of Moveit, the file transfer program we’ve been talking about for years.
I write these as two words in a lot of my writing so that it is more clear, as the name is spelled as one word.
France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals.
France Travail is the French governmental agency responsible for registering unemployed individuals, providing financial aid, and assisting them in finding jobs.
The information that may have been taken include but may not be limited to:
- Full name
- Date of birth
- Place of birth
- Social security number (NIR)
- France Travail identifier
- Email address
- Postal address
- Phone number
Again, I ask, is some of this necessary for you to do your job? I get it that some information like name, phone number, email address and address of residence may be needed. But is a social security number or equivalent identifier in that country absolutely necessary? OK, if the agency needs it to help people find a job, fine, but as I’ve told even my own job developer who tried to get me a job that we should not be supplying our SSN until we get hired.
Also, is the place of birth really needed? Its public knowledge that I was born in Tarzana, a city here in California, but does that information help employment agencies find anyone work? Nope. And, as I’ve learned in resumé writing, you should never put your full address, maybe a city and state should suffice. This shows the employer you’re in the area.
This data increases the risk of identity theft and phishing for the exposed individuals, so the agency recommends potentially impacted people to be particularly vigilant with emails, phone calls, and SMS they receive.
No shit! But nobody teavches this, and messages now a day are very convincing and are getting better with things we tell people to look for.
France Travail clarified that the data breach incident does not impact people’s bank details or account passwords, but CNIL warns that cybercriminals may use what’s available to correlate with missing data points from other breaches.
No fucking shit! Of course they will, but is this ever taught to anyone anywhere?
When I went to school, we were never taught on how to protect ourselves from this type of thing. This only really came to light after 2000 when breaches first started.
The biggest breach to cross my desk between 2000 and 2015 was the Target Breach, first reported by yours truly, Brian Krebs.
Those impacted by the data breach incident at France Travail can file a complaint with the Paris prosecutor’s office to help with the investigation.
Last August, France Travail suffered a massive data breach, which impacted approximately 10 million individuals.
The article continues:
That incident was indirectly attributed to the Clop ransomware group breaching the agency’s systems by exploiting a zero-day vulnerability in the MOVEit Transfer software tool.
That’s nice. So they had an incident of a smaller scale and the good news is that they weren’t directly at fault. But this time, it seems that is not the case.
The current cyberattack on the agency sets a new record in France, as it affects the largest number of individuals, more than the 33 million people impacted by the Viamedis and Almerys breach in February.
Please feel free to utalize the full article by finding the link. Pass it along to those who need to know, as I bet they won’t tell everyone this info. Send them the article if needed.
The article is titled French unemployment agency data breach impacts 43 million people which I said above should be shared. It has the entire details that people need to have. Have fun with this one!