Young people’s data feared stolen in cyberattack on French government contractor

Avatar

France’s Ministry of Labor and Employment announced on Thursday that it discovered a cyberattack suspected to have impacted the data of young people it was helping get into employment.

According to the ministry’s statement, the attack directly impacted an unnamed service provider used by the department’s network of “Local Missions” — places that offer advice and support to people between the ages of 16 and 25 about work and training.

The attack is believed to have taken place last week, on the night of Wednesday October 23, said the ministry.

“Investigations are underway at the service provider to determine the origin of this event. The security of the information systems of the local missions network itself is not in question,” the statement added.

There is a risk that the incident could involve the disclosure of personal data for young people who have been registered with the ministry’s Local Missions system, including their full names, dates of birth, nationality, email and postal addresses, and phone numbers.

It did not state how many individuals were believed to have been affected, nor for how many years the Local Mission project’s records date back to. The program began in the 1980s.

“The bank details (IBAN), social security number and identity document of young people are not, however, affected by this malicious act.”

The statement added that although the technical investigation hasn’t been completed, and “measures aimed at strengthening the security of the information system” are yet to be fully implemented, it has taken several steps to address the breach.

The incident has been reported to France’s privacy regulator, the CNIL, and to France’s cybersecurity agency ANSSI, and a complaint has been filed with the country’s judicial authorities.

The young people affected by the cyberattack are being informed, and communications are also being made to, “where applicable, their legal representatives,” added the ministry.

Anyone who might be impacted has been cautioned to be “extremely vigilant regarding the risks of phishing (fraudulent emails, text messages or calls) or attempts at identity theft. We remind them to never communicate their password or bank details by telephone, text message or email.”

GovernmentCybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

Los Angeles housing agency confirms another cyberattack after 2023 ransomware incident

Next Post

Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

Related Posts

Researchers Uncover 10 Flaws in Google’s File Transfer Tool Quick Share

As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution (RCE) chain on systems that have the software installed. "The Quick Share application implements its own specific application-layer communication protocol to support file transfers between nearby, compatible devices,"
Avatar
Read More