Data breach exposes info of over a million people at French agency

Up to 1.2 million individuals in France may have had their data exposed following a cybersecurity incident at Pajemploi, the country's parent- and in-home childcare worker-focused social security service, BleepingComputer reports.

According to the agency, the accessed data may include names, home addresses, birthplaces, social security numbers, Pajemploi- and accreditation-related identifiers, and banking institutions. Pajemploi emphasized that bank account numbers, account passwords, email addresses, and phone numbers were not part of the breach.

Operations remain unaffected, and the agency says it has notified both the National Agency for the Security of Information Systems and the French Data Protection Authority while also alerting each impacted individual. URSSAF advised those affected to be vigilant about possible fraudulent communications using the stolen data.

No ransomware group has taken responsibility for the attack, and URSSAF has not yet responded to requests for additional details, including whether any ransom demand has been made. The disclosure comes after other notable French data breaches, including France Travail's 2024 incident involving 43 million individuals and Eurofiber France's recent report of customer data theft following an attack last week.