France Travail, the French national employment agency, has recently been hit by a significant data breach, potentially affecting hundreds of thousands of jobseekers. The agency notified its users via email on July 22, detailing a security incident detected on July 13 within its “employment” portal, a platform utilized by its various partners. This breach is estimated to have exposed the personal data of approximately 340,000 users, including sensitive details such as names, postal and email addresses, phone numbers, unique France Travail identifiers, and their current jobseeker statuses. Importantly, the agency has confirmed that user passwords and bank details remained secure and were not compromised in this incident, though it strongly advises vigilance against potential phishing attempts.
The breach’s detection and subsequent investigation shed light on the sophisticated nature of the attack. According to the French tech news outlet Next, CERT-FR, the Computer Emergency Response Team of the French cybersecurity agency ANSSI, first identified the compromise on July 12. Investigators believe the data leak was facilitated by infostealer malware that compromised a user account associated with a training organization located in Isère. Following this initial compromise, the attackers gained unauthorized access to Kairos, a critical application used by training organizations to monitor and track the progress of jobseekers through their various training programs.
In response to the detected breach, France Travail took immediate and decisive action to contain the threat. A spokesperson for the agency informed Next that “The service was immediately shut down, along with all other services hosted on the employment portal intended for our partners.” This precautionary measure aimed to prevent further unauthorized access and mitigate the impact of the breach. In parallel with these technical measures, France Travail has also initiated formal proceedings, filing a complaint with the relevant French authorities and officially notifying the French Data Protection Agency (CNIL) about the incident, adhering to regulatory requirements regarding data breaches.
The employment agency has been working diligently to restore affected services and enhance its security posture. The services that were temporarily shut down as a precaution, including the agency’s employment portal and the Kairos application, were slated for reactivation by July 24. Beyond the immediate restoration efforts, France Travail has committed to strengthening its overall security measures. A significant step in this direction is the accelerated rollout of two-factor authentication (2FA) for the Kairos application, a critical security upgrade that was originally scheduled to be fully implemented much later, in October 2026. This expedited deployment underscores the agency’s commitment to bolstering its defenses against future cyber threats.
This incident, unfortunately, is not an isolated one for France Travail, marking the second data breach the agency has endured within a span of two years. A previous, even more extensive breach occurred in March 2024, when malicious actors targeted the IT systems of France Travail and Cap Emploi, a government service dedicated to supporting individuals with disabilities. That earlier attack was far more pervasive, affecting the personal data of users who had registered with the agencies over the past two decades, potentially exposing the data of an astonishing 43 million individuals. The recurring nature of these breaches highlights the ongoing and evolving cybersecurity challenges faced by large public institutions holding vast amounts of personal data.