The personal information of roughly 10 million individuals was likely compromised in a data breach at French governmental unemployment agency Pole Emploi.
The agency, which registers unemployed individuals, provides them with financial aid, and helps them find new jobs, says it became aware of the incident just over a week ago.
The data breach, the agency says, was the result of a cyberattack on one of its service providers, and that no Pole Emploi system was affected.
According to Pole Emploi, the data compromised during the attack belongs to individuals who registered with the agency until February 2022, and includes names and social security numbers.
Other personal information, such as email addresses, phone numbers, passwords, and bank credentials were not affected.
“Although there is no risk on the compensation and support offered by Pole Emploi, nor on access to the personal space of pole-emploi.fr, Pole Emploi advises jobseekers to remain vigilant faced with any type of approach or proposal that could appear fraudulent,” a translation of the agency’s notification reads.
Pole Emploi also says it will notify all impacted individuals of the incident, but has not provided information on how many people might have been affected.
According to cybersecurity firm Emsisoft, the data breach was the result of the May 2023 MOVEit hack, which has impacted roughly 1,000 organizations and more than 60 million people.
Data collected by Emsisoft from various sources shows that roughly 10 million individuals might have been affected by the Pole Emploi data breach.
LeParisien reports that the data breach involved customer experience management firm Majorel, which was responsible for the digitalization and processing of documents provided by job seekers.
UPDATE: Responding to a SecurityWeek inquiry, Majorel said that the incident was not related to the MOVEit hack and that no other customer was affected.
“We are currently working very closely with Pôle Emploi on the data issue they have reported. Naturally, data security is one of our top priorities and our specialist teams are fully engaged on this matter to support Pôle Emploi. After Pôle Emploi notified us of the issue, an investigation was immediately launched which is still ongoing. In the meantime, we can confirm that this topic only relates to Tech & Expert services (the management and digitization of documents) we provide to Pôle Emploi in France and that no other clients, services, systems, or countries are impacted,” a Majorel spokesperson said.
Related: University of Minnesota Confirms Data Breach, Says Ransomware Not Involved
Related: Tesla Discloses Data Breach Related to Whistleblower Leak
Related: Colorado Department of Higher Education Discloses Ransomware Attack, Data Breach
