French Agency Pajemploi Data Breach Exposes 1.2 Million Users
▼ Summary
– Pajemploi, a French childcare social security service, suffered a data breach potentially affecting 1.2 million individuals.
– The breach exposed personal data including full names, social security numbers, addresses, and banking institution names, but not bank account numbers or passwords.
– The cyberattack was detected on November 14, and Pajemploi has notified affected individuals and authorities while maintaining uninterrupted services.
– URSSAF advises increased vigilance against fraudulent communications due to the risk of misuse of the stolen information.
– This incident follows other recent French data breaches, including one at France Travail affecting 43 million people in March 2024.
A significant data breach has struck Pajemploi, the French social security platform supporting parents and home childcare providers, potentially compromising the personal details of 1.2 million users. This incident primarily affects registered professional caregivers employed privately through the system, which operates under URSSAF, the organization responsible for collecting social security contributions across France.
Officials from the agency confirmed that the Pajemploi service experienced a theft of personal data belonging to employees of private employers using its platform. The cyberattack, identified on November 14, could impact as many as 1.2 million individuals connected to the service.
Information that may have been accessed by unauthorized parties includes full names, place of birth, postal address, social security number, the name of the banking institution used, the Pajemploi identification number, and the accreditation number. However, Pajemploi clarified that hackers did not obtain bank account numbers, email addresses, telephone numbers, or user passwords.
Each person affected by this cybersecurity event will receive individual notification from Pajemploi. The agency emphasized that its operational capabilities remain unaffected, with services such as declaration processing and salary payments continuing without interruption.
Upon detecting the breach, Pajemploi took immediate steps to halt the attack and secure its information systems. The organization also reported the incident to the French Data Protection Authority (CNIL) and the National Agency for the Security of Information Systems (ANSSI).
URSSAF is advising heightened vigilance due to increased risks of fraudulent emails, text messages, or phone calls that might leverage the stolen personal information. Although BleepingComputer reached out to URSSAF for additional details about the breach and any potential ransom demands, no response was received before publication.
As of now, no ransomware group has publicly claimed responsibility for the attack on Pajemploi. This incident follows another major data breach in March 2024, when France Travail, the national employment agency formerly known as Pôle Emploi, had personal data of 43 million individuals exposed.
Separately, over the past weekend, Eurofiber France announced that hackers infiltrated its network on November 13, stealing customer information from its ticket management platform.
In a recent update, LeMagIt.fr reported that ANSSI detected the Pajemploi breach after portions of the stolen data appeared on dark web forums, prompting the agency to notify URSSAF about the security compromise.
(Source: Bleeping Computer)
