- France travail -overgrowth could affect thousands
- No threat actors assumed responsibility and the data has not yet been abused
- This is not the first time France Travel has been hit
France’s national employment agency has suffered a cyberattack where threat actors allegedly have access to sensitive data about “hundreds of thousands” of people.
In a notification of data violation sent to affected persons and seen by French local media, France Travail said that the criminals gained access to the data through Kairos, a digital platform used mostly by educational organizations and employment advisers to manage professional education activities, including tracking course registration, validation of financing requests and monitoring.
The original reports place the number of persons affected by approx. 340,000, with the exposed data including full names, postal addresses, e -mail addresses, telephone numbers and France’s travel mat numbers.
Suspect arrested
Although there is no evidence of abuse in nature, this type of data is valuable for criminals who want to perform identity theft or other activities.
When you know the identity and contact information from people looking for work, threat players can create compelling E emails and invite people to fake job interviews. Through these interviews, they can implement all sorts of malware or even ransomware.
Lazarus Group, for example, is famous for its Operation Dreamjob campaign, inviting their goals to false job interviews.
The good news is that financial information, such as banking data or credit card information, was not leaked. Still, France Travail encouraged all users to remain vigilant and pay special attention to unsolicited E emails.
According to CygenerwsThis is not the first time France Travail suffered a cyber attack, as a March 2024 event was significantly greater in scope that affected 43 million individuals – more than two -thirds of the country’s entire population, making it the greatest cyberattack in French history.
In the wake, three suspects aged 21 to 23 were arrested in connection with the attack. All three were based in France and allegedly mimicked Cap Emploi advisers to access. No known ransomware group has assumed responsibility and the attack is not formally attributed to any organized cybercrimal group.
