The personal data of more than ten million job seekers, compiled by a provider of the public agency Pôle Emploi and subject to a leak revealed this week, are for illegal sale on the web.
900 dollars (835 euros): this is the price for the personal data of ten million French people, subtracted from a service provider of Pôle emploi in charge of the digitization of documents.
“Pôle Emploi data are on sale on the “darknet”. A well-known hacker, a specialist in the sale of databases that he hacks or buys, put up for sale on August 8 a Pôle Emploi database dated 2022, of 10.2 million users, which he sells 900 dollars,” Damien Bancal of the Zataz.com site, one of the best experts in reporting data thefts, told AFP.
Cybersecurity expert Clément Domingo, alias @_SaxX_ on X (formerly Twitter) also reports the sale of this data for $900 on a hacker forum. The file has 10.2 million names, he said. “There was an initial spread on this forum of cybercriminals. On August 8, we found a first database, it was updated with much more information on the 21st,” he added.
Pôle Emploi, the public institution responsible for employment in France, called on August 23 job seekers to be vigilant, after “an act of cyber-maliciousness” towards one of its service providers, the Majorel company. An investigation has been opened by the Paris public prosecutor’s office for fraudulent introduction and maintenance in an automated data processing system.
Compromised data includes social security numbers
According to Pôle Emploi, this data leak concerned “people registered in February 2022 and people who had ceased registration for less than 12 months, i.e. potentially 10 million people”.
In its press release, the public body mentioned the possibility that the first and last names, current or former status of job seeker, social security number (or NIR) be put online, excluding that e-mail addresses, phone numbers telephone, passwords and bank details are concerned.
“The file dating from February 2022 that we were able to identify and which allowed us to trace the service provider who was the victim of this cybermalicious act contains the surname, first name, and NIR. No other sensitive information (email, telephone or bank details) is included in this file. Our service provider does not have this information, ”said the general management of Pôle Emploi on August 25 at the request of AFP.
Pôle Emploi also disputes that other information could have been disclosed, as claimed by one of the experts.
“The data to which this interlocutor refers comes from a stolen file dating from 2021 which had been the subject of a declaration to the Cnil on the part of Pôle emploi and of a communication with our users. This file contained data concerning in particular the surname, first name and contact details but no banking information”, underlined the public body.
RT All Fr Trans