Personal Information of 10 Million Job Seekers Sold on Dark Web After Cyberattack on Pole Emploi
In a startling revelation, the personal data of approximately ten million job seekers has been illicitly offered for sale on the dark web following a severe data breach at Pole Emploi, the French government employment agency. The breach, which underscores the alarming vulnerability of personal data in the digital era, has sent shockwaves through the cybersecurity community.
Converging French media reports this week unveiled the extent of the cyberattack that targeted the French government employment agency. The breach compromised the personal information of a staggering 100 million job seekers. Security experts are now issuing warnings to individuals, urging them to remain vigilant against potential identity theft and fraud.
Renowned cybersecurity professionals have shed light on the breach’s intricacies. Damien Bancal, a cybersecurity specialist associated with Zataz.com, revealed that a well-known hacker with a history of selling compromised databases had listed a batch of data on August 8. The database, dated 2022, contained information from approximately 10.2 million users. The hacker set a price of $900 for the stolen data and offered samples to attract potential buyers.
Clement Domingo, a respected figure in the cybersecurity domain, corroborated the illicit sale of the data on a hacker forum. Under his online moniker @SaxX, Domingo confirmed that the database was initially discovered on August 8, with an updated version featuring more comprehensive information emerging on the 21st.
In response to the breach, Pole Emploi issued a cautionary statement to its registered job seekers, alerting them to exercise caution due to “an act of cyber malevolence” targeting one of its service providers, Majorel.
The breach triggered an immediate investigation by the cybercrime division of the Paris prosecutor’s office, focusing on charges of fraudulent entry and maintenance within an automated data processing system.
Pole Emploi clarified that the compromised data pertained to individuals who had registered in February 2022 or had discontinued their registration within the past 12 months, potentially impacting up to 10 million people. The exposed data primarily included names, surnames, and NIR (Social Security numbers). The agency assured the public that more sensitive information such as email addresses, phone numbers, and bank details remained secure.
This incident appears to be part of a larger-scale cyber attack campaign that unfolded in May, affecting numerous organizations across the globe. Clement Domingo underscored that the cyberattack exploited vulnerabilities in software utilized by Pôle emploi’s service provider, Majorel. This attack, attributed to the Clop group, targeted over 500 organizations worldwide, including notable financial institutions like ING, Deutsche Bank, and Commerzbank.
As governments and organizations grapple with the escalating threat of cyberattacks and data breaches, the breach at Pole Emploi serves as a stark reminder of the critical need for robust cybersecurity measures to safeguard sensitive personal information in an increasingly digital world.