French Agency Pajemploi Reports Data Breach Affecting 1.2m People

Pajemploi, the French social security service for parents and home-based childcare providers, has suffered a data breach that may have exposed personal information of 1.2 million individuals.

The incident impacts registered professional caregivers working for private employers, typically parents using the Pajemploi service part of URSSAF - the French organization that collects social security contributions from employers and individuals.

"The Pajemploi service has been the victim of a theft of personal data belonging to employees of private employers using the Pajemploi service," reads the announcement from the agency.

"This cyberattack, detected on November 14, could have affected up to 1.2 million employees of private employers using the Pajemploi service," the public service says.

According to the French agency, the data potentially exfiltrated includes the following types:

Pajemploi's disclosure highlights that the hackers did not have access to bank account numbers (IBANs), email addresses, phone numbers, or account passwords.

Each person affected by the cybersecurity incident will be notified by Pajemploi individually.

Pajemploi also stated that the incident has not impacted its operations, and services such as the processing of submitted declarations or payment of salaries continue uninterrupted.

The agency notes that after detecting the breach, it took immediate action to stop the attack and protect its information systems. The organization also notified the French Data Protection Authority (CNIL) and the National Agency for the Security of Information Systems (ANSSI).

URSSAF recommends that everyone be extra cautious due to the elevated risk of fraudulent emails, SMS, or phone calls targeting them using the stolen information.

Source: BleepingComputer