French Employment Agency Announces Data Breach Exposes Personal Information of 10 Million Individuals

French governmental agency Pôle employ, on August 23rd, disclosed a data breach incident that is likely to affect around 10 million people registered with it.

The unemployment registration and financial aid provider stated that it became aware of the breach, a week before the announcement. One of its vendors, the Majorel company, responsible for documentation and registration of job seekers was impacted by the MOVEit campaign of Cl0p ransomware gang.

The campaign did not directly compromise the security of the agency’s internal IT system but the attack on the third-party’s system led to the data exposure of millions of job seekers. The agency did not confirm the number of affected individuals. However, French daily Le Parisien estimates the impacted individual number to be around 10 million.

According to the agency, the compromised data belongs to the people who had registered with it by the end of February 2022. The exposed data includes first and last name as well as social security number of individuals. Sensitive information like email addresses, phone numbers, password or bank details were not a part of the data leak.

Although the risk of phishing and other forms of cybercrimes is limited here, Pôle employ still advised the affected individuals to remain vigilant in the face of any type of communication that could appear fraudulent.

The agency has filed a report with the French data privacy agency CNIL and is also said to report to the concerned judicial authority. It has also set up a dedicated phone support for the impacted individuals and will also be implementing additional security measures to prevent occurrence of similar incidents in the future.

It further went on to state that its financial aid program continues to remain unaffected, and individuals can securely log onto their accounts using the ‘’pole-emploi.fr’’ portal.