Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

France Travail Fined €5 Million for Data Breach Exposing 43 Million Records

2 unique sources, 2 articles

Summary

The French data protection authority (CNIL) fined France Travail €5 million for failing to secure job seekers' data, leading to a breach that exposed personal information of 43 million individuals. The breach, which occurred in March 2024, involved social engineering techniques to hijack accounts of CAP EMPLOI advisers. The stolen data included names, dates of birth, national insurance numbers, and contact details, but did not include bank details or complete job-seeker files. CNIL ordered France Travail to implement corrective measures and provide a detailed schedule for compliance, with daily penalties of €5,000 for non-compliance. Three individuals, aged 21, 22, and 23, were arrested in connection with the breach.

Timeline

  1. 29.01.2026 18:30 · 1 article · 23h ago

    CNIL Investigation Reveals Multiple Security Failures at France Travail

    The CNIL investigation found multiple security and organizational issues at France Travail, including inadequate technical and organizational measures, weak authentication for Cap Emploi advisors, poor logging and monitoring, and overly broad access permissions. The agency failed to implement necessary security measures despite identifying them in its data protection impact assessments (DPIAs).

  2. 29.01.2026 15:36 · 2 articles · 1d ago

    France Travail Fined €5 Million for Data Breach Exposing 43 Million Records

    In March 2024, France Travail suffered a data breach exposing personal information of 43 million individuals. The breach involved social engineering to hijack CAP EMPLOI advisers' accounts, resulting in the theft of names, dates of birth, national insurance numbers, and contact details. CNIL fined France Travail €5 million and ordered corrective measures, with daily penalties of €5,000 for non-compliance. Three individuals, aged 21, 22, and 23, were arrested in connection with the breach.

Similar Happenings

CNIL fines Free Mobile €42 million for 2024 data breach

The French data protection authority (CNIL) has fined Free Mobile and its parent company, Free, a total of €42 million for inadequate protection of customer data during a 2024 breach. The incident exposed data of nearly 23 million subscribers, including IBANs for 25% of affected individuals. The breach stemmed from weak VPN authentication and ineffective activity monitoring, violating GDPR rules on data security, breach notification, and data retention. The CNIL investigation revealed that the companies failed to implement adequate security measures, notify affected individuals properly, and retain personal data only as long as necessary. Both companies must now complete their security improvements and data cleanup within specified deadlines.

Pajemploi Data Breach Exposes 1.2M Individuals' Personal Information

Pajemploi, a French social security service for parents and home-based childcare providers, reported a data breach on November 14, 2025, potentially exposing personal information of 1.2 million individuals. The breach affected registered professional caregivers working for private employers. The stolen data includes full names, places of birth, postal addresses, social security numbers, banking institution names, Pajemploi numbers, and accreditation numbers. The agency assured that bank account numbers, email addresses, phone numbers, and account passwords were not compromised. Pajemploi took immediate action to stop the attack and notified the French Data Protection Authority (CNIL) and the National Agency for the Security of Information Systems (ANSSI). Each affected individual will be notified, and URSSAF advises caution due to the elevated risk of fraudulent communications using the stolen information.

Eurofiber France Data Breach via Ticket Management System Exploit

Eurofiber France disclosed a data breach after hackers exploited a vulnerability in its ticket management system, exfiltrating customer data. The breach impacted the French division, including its cloud division (ATE portal) and regional sub-brands. The company patched the vulnerability and implemented additional security measures. A threat actor, 'ByteToBreach,' claimed responsibility, alleging the theft of data from 10,000 businesses and government entities. Eurofiber France notified the French data protection agency (CNIL) and the country's cybersecurity agency (ANSSI), and filed an extortion report.

Capita fined £14m for 2023 data breach affecting 6.6 million people

Capita has been fined £14 million for security failings that led to a 2023 data breach impacting nearly 6.6 million people. The breach was caused by an employee downloading malware, which allowed the Black Basta ransomware group to gain access to the network. The ICO initially planned to fine Capita £45 million but reduced the penalty due to improvements made after the attack and cooperation with regulators. The ICO fined Capita plc £8 million and Capita Pension Solutions Limited £6 million. The breach compromised sensitive information, including pension and staff records, criminal records, financial data, and special category data. Over half of the 600 Capita Pension Solutions clients were affected, and 8,000 claimants brought a High Court case against Capita. The breach impacted 325 pension scheme providers in the UK. The ICO highlighted several security failures, including inadequate privilege management, delayed responses to security alerts, and insufficient penetration testing. The cyberattack occurred on March 22, 2023, and nearly one terabyte of data was exfiltrated between March 29 and 30, 2023.

DaVita ransomware attack exposes data of nearly 2.7 million individuals

DaVita, a kidney dialysis firm, confirmed that a ransomware attack compromised the personal and health information of nearly 2.7 million people. The breach occurred between March 24 and April 12, 2025, affecting data from DaVita's dialysis labs database. The Interlock ransomware gang claimed responsibility and leaked approximately 1.5 terabytes of data. The stolen data included names, addresses, dates of birth, social security numbers, health insurance details, treatment information, and dialysis lab test results. In some cases, tax identification numbers and images of personal checks were also compromised. The impact includes potential identity theft and financial fraud for affected individuals.