The French employment agency, France Travail, has suffered a data breach that could affect hundreds of thousands of jobseekers.
The agency sent an email to its users on July 22, warning them of a data breach that was detected on July 13 on its “employment” portal, which is used by its partners.
The breach could have exposed personal data of 340,000 users, including names, postal and email addresses, phone numbers, France Travail identifiers and jobseeker statuses. The agency assured that users’ passwords and bank details are not affected.
“However, we recommend remaining vigilant regarding phishing risks," the employment agency's public statement warned.
Cyber-Attack via Infostealer Highlights 2FA Security Gaps
According to French tech news outlet Next, the breach was detected by the French cybersecurity agency’s (ANSSI) Computer Emergency Response Team (CERT-FR) on July 12.
The leak is believed to have been made possible by the compromise, via an infostealer malware, of a user account linked to a training organization based in Isère. The attackers then managed to gain access to Kairos, an application that enables training organizations to track the training progress of jobseekers.
“The service was immediately shut down, along with all other services hosted on the employment portal intended for our partners," a France Travail spokesperson told Next.
France Travail has filed a complaint with the French authorities, notified the French Data Protection Agency (CNIL), and informed the affected individuals.
The services affected by the precautionary shutdown, including the agency’s employment portal and Kairos, are expected to be reactivated on July 24.
France Travail stated that it has strengthened its security measures and accelerated the rollout of two-factor authentication (2FA) for Kairos, which was initially scheduled for October 2026.
This is the second time in two years that France Travail has suffered a data breach. In March 2024, malicious actors targeted the agency’s IT systems and those of Cap Emploi, a government employment service that supports people with disabilities. It affected the personal data of users who registered over the past 20 years, representing 43 million potential users’ data exposed.
No tags.
