The French knowledge safety authority fined the nationwide employment company €5 million (almost €6 million) for failing to safe job seekers’ knowledge, which allowed hackers to steal the non-public data of 43 million individuals.
France Travail (previously often called Pôle Emploi) is the nation’s public employment service, offering unemployment advantages and serving to job seekers discover work. The company additionally maintains in depth databases containing private and monetary data for hundreds of thousands of French residents.
The Nationwide Fee on Informatics and Liberty (CNIL) imposed the penalty on France Travail following a knowledge breach in early 2024 that uncovered job seekers’ private data spanning 20 years.
In March 2024, the French authorities company disclosed that the attackers stole the delicate knowledge of as much as 43 million people, together with their names, dates of beginning, nationwide insurance coverage numbers, e-mail and residential addresses, and telephone numbers.
Nonetheless, the info breach did not have an effect on financial institution particulars or account passwords, and the hackers did not get hold of full job-seeker information, which can even have contained delicate well being knowledge.
“Within the first quarter of 2024, a number of hackers managed to hack into the FRANCE TRAVAIL data system. They used methods often called ‘social engineering,’ which contain exploiting individuals’s belief, ignorance or credulity,” the CNIL mentioned on Thursday.
“This methodology enabled them to hijack the accounts of CAP EMPLOI advisers, i.e. the organisations accountable for supporting, monitoring and upholding the employment of individuals with disabilities.”
The information safety watchdog additionally ordered France Travail to doc corrective measures and to supply an in depth implementation schedule. Failure to adjust to CNIL’s order will end in day by day penalties of €5,000 till the federal government company demonstrates that it has remedied its safety points.
In August 2023, France Travail suffered one other large knowledge breach affecting roughly 10 million people, exposing their full names and social safety numbers.
Final yr, CNIL additionally slapped Google with a €325 million ($378 million) positive for violating cookie laws and imposed a €150 million ($174 million) positive on Shein’s Irish subsidiary for related violations of the Common Information Safety Regulation (GDPR).
Extra just lately, it fined Free Cell and its mum or dad firm €42 million after an October 2024 knowledge breach for failing to guard buyer knowledge towards cyber threats.
It is price range season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the yr forward. This report compiles their insights, permitting readers to benchmark methods, establish rising tendencies, and evaluate their priorities as they head into 2026.
Find out how high leaders are turning funding into measurable impression.
