The French national employment agency, Pôle emploi, has been hit by a cyber-attack potentially exposing critical information of up to 10 million people.
Several security researchers have linked the breach to the Clop ransomware gang’s MOVEit campaign, which has impacted 977 organizations and almost 59 million individuals at the time of writing.
Anti-virus software company Emsisoft has already listed the attack as linked to MOVEit and estimated that the French agency is the second-largest victim of the supply chain attack.
Read more: MOVEit Exploitation Fallout Drives Record Ransomware Attacks
The incident is thought to have exposed the names, employment statuses and social security numbers of six million people who registered with the agency in February 2022 and four million who had been off the register for less than 12 months at the time of the cyber-attack.
In a public statement published on August 23, 2023, Pôle emploi confirmed “a breach in the information system of one of its service providers, involving a risk of disclosure of jobseekers' personal data.”
Specifically, the IT systems of Majorel, one of the agency’s two digitization and jobseekers’ data processing contractors, have been compromised.
If verified, the French agency would not be the first organization to fall victim to the MOVEit hack via Majorel. In July, German insurer Barmer and Deutsche Bank told German media outlets that part of their information system had been compromised through Majorel Germany.
#Barmer, an insurer, confirmed to Spiegel that it was impacted by #MOVEit via a vendor called #Majorel on 31st May. Sources informed Handelsblatt that both #DeutscheBank & #Postbank use Majorel. h/t @Gi7w0rm 1/4 https://t.co/lQz2fLUnNs
— Brett Callow (@BrettCallow) July 10, 2023
Speaking to Infosecurity, Pôle emploi said the security of its information system remains untouched and welfare payments will continue.
The agency also confirmed that the breach does not affect jobseekers’ email addresses, phone numbers, passwords or bank details.
Clément Domingo, a French security researcher said on Twitter: "To date, there is no trace of any sample of potential leaked data on the dark web."
Investigations are underway at the organization’s premises to determine the origin of this event.
Pôle emploi filed a report with France’s data protection watchdog (CNIL) and said a complaint would be lodged with the judicial authorities.
"We understand the consequences of this event, and are doing everything in our power to limit its impact. All those concerned will be informed individually by e-mail," a Pôle emploi spokesperson told Infosecurity.
A toll-free phone number has been set up to answer job seekers' questions.