The French social security service for parents and home-based childcare providers, Pajemploi, has suffered a data breach that may have exposed the personal information of up to 1.2 million individuals.
The incident impacts registered professional caregivers working for private employers who use the Pajemploi service, which is part of URSSAF, the French organization responsible for collecting social security contributions.
Details of the Breach
Pajemploi announced that the cyberattack, detected on November 14, affected employees of private employers using their service. The French agency disclosed that the potentially exfiltrated data includes the following types of information:
- Full names
- Place of birth
- Postal address
- Social security number
- Name of the used banking institution
- Pajemploi number
- Accreditation number
Crucially, Pajemploi highlighted that the hackers did not gain access to bank account numbers (IBANs), email addresses, phone numbers, or account passwords.
Response and Warnings
Pajemploi confirmed that the incident has not impacted its operations, and services such as the processing of submitted declarations and payment of salaries are continuing uninterrupted.
After detecting the breach, the agency took immediate action to stop the attack and secure its information systems. It also notified the French Data Protection Authority (CNIL) and the National Agency for the Security of Information Systems (ANSSI).
URSSAF strongly recommends that all affected individuals be extra cautious due to the elevated risk of fraudulent emails, SMS, or phone calls targeting them using the stolen information. Each person affected by the cybersecurity incident will be notified by Pajemploi individually. The disclosure comes after a police complaint was filed in connection with an extortion attempt linked to the attack.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
