France fines employment agency €5 million for data breach affecting 43 million

As reported by Bleeping Computer, France's data protection authority has fined the national employment agency, France Travail, €5 million for a significant data breach that exposed the personal information of 43 million job seekers.

The breach, which occurred in early 2024, allowed hackers to steal sensitive data including names, dates of birth, national insurance numbers, and contact details. The attackers exploited social engineering tactics to compromise the accounts of CAP EMPLOI advisers, an organization supporting people with disabilities. While bank details and passwords were not affected, the incident highlighted a vulnerability in the agency's security measures. This follows another breach in August 2023 that impacted approximately 10 million individuals.

The €5 million penalty, imposed by the National Commission on Informatics and Liberty (CNIL), underscores the increasing regulatory scrutiny on data protection in France and the EU. CNIL has also ordered France Travail to implement corrective measures, with daily fines of €5,000 for non-compliance. This incident, alongside recent fines levied against Google, Shein, and Free Mobile, signals a growing trend of substantial penalties for data security failures under GDPR, emphasizing the critical need for robust cybersecurity practices across all sectors.

Source: Bleeping Computer