The French national employment agency, Pôle emploi, has been hit by a cyber-attack potentially exposing critical information of up to 10 million people.
Several security researchers have linked the breach to the Clop ransomware gang’s MOVEit campaign, which has impacted 977 organizations and almost 59 million individuals at the time of writing.
Anti-virus software company Emsisoft has already listed the attack as linked to MOVEit and estimated that the French agency is the second-largest victim of the supply chain attack.
Read more: MOVEit Exploitation Fallout Drives Record Ransomware Attacks
The incident is thought to have exposed the names, employment statuses and social security numbers of six million people who registered with the agency in February 2022 and four million who had been off the register for less than 12 months at the time of the cyber-attack.
In a public statement published on August 23, 2023, Pôle emploi confirmed “a breach in the information system of one of its service providers, involving a risk of disclosure of jobseekers' personal data.”
Specifically, the IT systems of Majorel, one of the agency’s two digitization and jobseekers’ data processing contractors, have been compromised.
If verified, the French agency would not be the first organization to fall victim to the MOVEit hack via Majorel. In July, German insurer Barmer and Deutsche Bank told German media outlets that part of their information system had been compromised through Majorel Germany.
No tags.
