Personal data of approximately 10 million job seekers in France has been illicitly offered for sale online, following a massive data breach at a French governmental employment agency, as confirmed by multiple cybersecurity experts to Agence France-Presse.
Damien Bankal of the website “Zataz,” specializing in tracking data breaches, stated that the data owned by the agency “Pole Emploi” is being “sold on the dark web.” He further explained that a notorious hacker specialized in selling breached databases offered Pole Emploi’s database for $900 on August 8, containing information on 10.2 million users.
Likewise, cybersecurity expert Clément Domingo, known as “Sax,” reported on the former Twitter network, “X,” that the data is being sold for $900 on one of the hacker forums. Domingo confirmed that the offered file contains 10.2 million names and revealed that an initial version of this data was offered on August 8 and later updated with more information on August 21.
The responsible French employment agency, Pole Emploi, issued a warning on Wednesday, describing it as a “malicious online activity” targeting the company “Majorel,” which provides them with services. A formal investigation has been launched by the Paris Prosecutor’s Office into fraudulent hacking of an automated data-processing system.
Pole Emploi indicated that the data leak involves “individuals who registered in February 2022 and who have been inactive for less than 12 months,” suggesting that the number should be around 10 million. The data that could be exposed includes names, past or present employment status, and social security numbers, but the agency ruled out the possibility of email addresses, phone numbers, passwords, and bank details being among them.
Data breaches have become increasingly common in recent years, posing significant risks to individuals and organizations alike. In 2021, several high-profile data leaks, such as those involving LinkedIn and Facebook, affected millions worldwide. In such instances, personal information could be exploited for various malicious activities, including identity theft, phishing scams, and targeted attacks.
Given the severity and sensitivity of the situation, it is crucial for affected individuals to take immediate action to secure their personal information. Experts recommend monitoring one’s financial statements, setting up fraud alerts, and keeping a vigilant eye on personal email accounts for suspicious activity.
This incident serves as another stark reminder for institutions and organizations, especially governmental agencies, to ramp up cybersecurity measures and protect sensitive data to ensure the privacy and security of citizens.
