France’s governmental unemployment registration and financial aid agency, Pôle emploi, has released a statement informing citizens that it has been the target of a cyber attack that has exposed the data of over 10 million people.
The agency released a statement to the press on the 23rd August informing people that they became aware of a breach at one of its service providers towards the end of the previous week.
In the statement, Pôle emploi say that jobseekers registered in February 2022 and any former users of Pôle Emploi are potentially affected by the theft of personal data which includes first and last names and social security numbers.
Email addresses, phone numbers, passwords and bank details are not affected by the breach.
MOVEit
Pôle emploi have not released any data regarding the identification of the threat actors behind the data breach, although Pôle emploi is one of the organisations identified in the recent MOVEit data breach.
The Cl0p ransomware gang has not (yet) published Pôle emploi on its extortion site, although they have previously said they would not expose information obtained from breaches from government agencies, so it’s unclear if this omission is due to this fact.
If the breach of 10 million records from Pôle emploi is confirmed as being due to the MOVEit incident, it will place it second in terms of the number of impacted individuals
Currently, the US government services contractor Maximus has the number one spot for the number of affected individuals with over 11 million records exposed.
The total number of affected individuals of the MOVEit attack has now passed 59 million and has affected 988 organisations.