The cybersecurity incidents associated with MOVEit Transfer attacks persist, with the latest victim being Pôle emploi, the French governmental agency responsible for unemployment registration and financial aid.
Pôle emploi revealed that the breach resulted from one of its service providers but assured that it was limited to full names and security numbers only. While other sensitive data remained unaffected, the agency urged affected individuals to remain vigilant against suspicious communications.
Leak of Data for Unemployed French Citizens
Pôle emploi, France’s governmental unemployment agency, disclosed a recent data breach incident caused by one of its service providers. Although the agency did not disclose the identity of the service provider, it stated:
“Job seekers registered in February 2022 and former users of the job center are potentially affected by this theft of personal data.”
While the agency did not specify the number of people affected, Le Parisien estimated it to be around 10 million individuals, based on the 6 million people registered in one of Pôle emploi’s 900 job centers by February 2022, and an additional 4 million in the 12 months before the attack.
The leaked data includes the full names and social security numbers of the registered individuals, while email addresses, phone numbers, passwords, and banking data were not compromised. Nevertheless, the agency advised affected individuals to exercise caution regarding incoming communications.
Pôle emploi has established a dedicated phone support line to address concerns of the affected individuals and is in the process of implementing additional security measures. The agency clarified that the incident does not impact its financial aid programs and encourages job seekers to continue accessing the online employment portal with confidence.
Emsisoft noted that Pôle emploi is among the victims of MOVEit Transfer supply chain attacks. However, the Clop ransomware, responsible for MOVEit attacks, has not yet included the agency in its list of victims.