Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CNIL sanctions France Travail over GDPR security failures

Regulatory/Legal Action
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

France’s CNIL fined France Travail €5m and ordered corrective measures after finding GDPR security failures that exposed personal data for an estimated 43 million jobseekers. The enforcement follows a review of a March 2024 breach affecting France Travail and Cap Emploi systems. The regulator said the agency’s weak authentication, poor logging, and overly broad access permissions failed to protect sensitive records. The case matters because CNIL also set a strict compliance timeline with a €5000 daily fine for missed deadlines.

Related Happenings

France Titres / ANTS citizen-data breach and sale claim

Data Leak
First: 22.04.2026 00:46 Last: 22.04.2026 00:46 Sources 1

About this happening: France Titres / ANTS disclosed a **data breach** affecting **ants.gouv.fr** account records, and the exposed details could fuel **phishing** and social engineering. The affected d...

Latest development: 01.05.2026 20:52

French authorities detained a 15-year-old suspect over stolen data from France Titres (ANTS) and say the suspect used the alias breach3d to offer between 12 and 18 million records for sale from the ants.gouv.fr portal; prosecutors are seeking formal charges for unauthorized access, persistence, and data exfiltration from a state-run automated personal data processing system.

Open Happening

France Travail and Cap Emploi user data exposed in March 2024 breach

Data Leak
First: 29.01.2026 18:30 Last: 29.01.2026 18:30 Sources 1

How related: According to France Travail, exposed personal data included names, social security numbers, dates of birth, user IDs, email and postal addresses, and phone numbers of France Travail and Cap Emploi users.

About this happening: The **March 2024 breach** exposed personal data from **France Travail** and **Cap Emploi**, creating privacy and identity-theft risk for up to **43 million** potential users. The...

Open Happening

Timeline

  1. 29.01.2026 18:30 1 articles · 3mo ago

    CNIL concludes GDPR review of France Travail

    Legal Policy Action Update

    CNIL concluded its investigation on January 22, 2026 and found that France Travail had failed to secure jobseekers’ personal data. The regulator cited inadequate technical and organizational measures, weak authentication for Cap Emploi advisors, poor logging and monitoring, and overly broad access permissions, and said some measures identified in France Travail’s DPIAs were not implemented in practice.

    Show sources
    Open in new tab
  2. 29.01.2026 18:30 2 articles · 3mo ago

    CNIL issues €5m fine and corrective-order timeline for France Travail

    Legal Policy Action Update

    CNIL publicly issued sanctions against France Travail on January 29, 2026, imposing a €5m ($6m) fine after finding GDPR security failures tied to the breach of France Travail and Cap Emploi systems. CNIL also ordered France Travail to provide evidence of corrective measures on a strict timeline, warning that missed deadlines would trigger a €5000 ($5980) daily fine, and said the penalty reflected the number of affected individuals and the sensitivity of the data processed.

    Show sources
    Open in new tab