Data Breaches Affect French Employment Agency, Shipbuilder

share
Header image

Data Breaches Affect French Employment Agency, Shipbuilder

share

Data breaches reported at France Travail and Naval Group.


France Travail, the national employment agency of France, has disclosed a data breach affecting around 340,000 users.

Following unauthorised access, the breach of its partner portal was detected on July 13th, and may include personal identifiers such as names, addresses, phone numbers, email addresses, and user IDs, though the agency assures that banking information and passwords remain secure.

The breach was discovered by France's cybersecurity agency, reports French tech news outlet Next, which traced the intrusion to stolen credentials from a training organization in Isère, likely obtained through infostealer malware. The attackers reportedly exploited access to the Kairos application, which tracks jobseeker training progress.

France Travail responded by shutting down impacted systems and fast-tracking its two-factor authentication rollout.

This incident marks the agency’s second breach in two years, following a massive attack in March 2024 that potentially exposed data on 43 million users.

Shipbuilding

Also, a threat actor has claimed responsibility on a well-known data leak forum, alleging unauthorised access to critical assets from France's premier naval shipbuilder, Naval Group.

According to Cybernews, the attacker alleged that they gained unauthorised access to critical assets such as source code for combat management systems, technical documents, network configurations, and even developers' virtual machines.

Notably, instead of selling the data, the group appears to be leveraging it to extort the company with some researchers claiming that the stolen data looks legitimate.



Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Cyber CrimeData Breach Published: 24 July Written by
Dan Raywood
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

Upcoming Events

No events found.

Related content

Cyber incident involving rerouted payment drains Zephyr of £700K

Cyber incident involving rerouted payment drains Zephyr of £700K

 Hijacked NHS Scotland domains push adult content

Hijacked NHS Scotland domains push adult content

 UK cybercrime significantly outpaces police staffing growth

UK cybercrime significantly outpaces police staffing growth
Fraud losses top £629M as UK ramps up enforcement

Fraud losses top £629M as UK ramps up enforcement

 Youth cybercrime radicalization driven by online platforms, NCA leader says

Youth cybercrime radicalization driven by online platforms, NCA leader says

 UK watchdog raises concerns over Jaguar Land Rover's cyber bailout

UK watchdog raises concerns over Jaguar Land Rover's cyber bailout
Stryker dismisses malware use, data theft following cyberattack

Stryker dismisses malware use, data theft following cyberattack