French Employment Centers Targeted in Cyberattack

France’s Ministry of Labor and Employment has reported a cyberattack affecting the information system of a service provider used by the network of local employment centers (Missions Locales). The incident occurred on the night of October 23-24, 2024. An investigation is underway to ascertain the causes and specifics of the attack; however, preliminary assessments suggest that the security of the employment centers’ information systems remains intact.

In France, Missions Locales are public organizations established to support young people aged 16 to 25 who are neither studying nor employed but are seeking work or career guidance. They offer comprehensive assistance, covering not only employment but also education, social integration, vocational training, and support with administrative matters.

As a result of the attack, there is a risk of personal data leakage involving young people receiving assistance from these centers: surnames, first names, dates of birth, nationalities, email addresses, postal addresses, and phone numbers. However, social security numbers, banking details, and identity documents were not compromised.

Without awaiting the investigation’s conclusion, the Ministry of Labor and Employment has implemented measures to reinforce data protection. The incident was promptly reported to the National Commission on Informatics and Liberty (CNIL) and the National Agency for Information System Security (ANSSI), as mandated by the General Data Protection Regulation (GDPR).

Additionally, affected individuals have already been notified of the potential repercussions of the incident. A complaint has also been filed with law enforcement for further investigation.

The ministry has urged all affected individuals to exercise caution due to the heightened risks of phishing attacks, fraudulent calls, and data theft attempts. Experts advise against disclosing personal information, such as passwords and banking details, over the phone, by email, or via SMS.