Pôle emploi, the French state-run agency overseeing unemployment registration and support, has announced a significant data breach that potentially put at risk the personal data of 10 million individuals.

The agency said in a statement, “A breach in the information system of one of our service providers has led to potential unauthorized access to the data of those seeking employment.”

Individuals who registered with the agency in February 2022, as well as some past users of the service, are believed to be at risk due to this unauthorized data access.

Although Pôle emploi has not given an exact number of affected users, estimates from Le Parisien suggest that up to 10 million people might be affected. This is deduced from the 6 million registrations at Pôle emploi’s 900 centers by February 2022 and an additional 4 million from the year before, whose data remained on the system.

Also Read: Telegram-Based Phishing Operations Target E-commerce Users

The breached data comprises individuals’ full names and social security numbers. However, other details like email addresses, phone numbers, passwords, and banking information remain unaffected.

While the data exposed may not be particularly valuable for cybercriminal activities, Pôle emploi is urging its users to exercise caution with any unsolicited communications. The agency has also introduced a dedicated helpline for affected users to address their queries related to the breach.

The agency assures that they are taking all necessary steps to safeguard user data and further reinforce their cybersecurity measures to fend off future attacks.

Users should note that this breach does not affect Pôle emploi’s financial support programs. They can continue accessing the official employment portal at “pole-employment.fr” with their existing passwords.

Emsisoft, a security research firm, has identified Pôle emploi among those affected on its MOVEit page and confirmed the 10 million impacted figure. Interestingly, the Clop ransomware group, known for a broad MOVEit hacking campaign, hasn’t listed the French agency on its shaming site. They had previously claimed not to release data from government breaches, making the current situation ambiguous.

In the MOVEit hacking spree’s overall impact, Pôle emploi is second only to Maximus, which had 11 million users exposed. The overall damage from the MOVEit campaign now stands at a staggering 59.2 million people and 988 institutions.