France Travail was sentenced by the National Commission for Information Technology and Liberties (Cnil) to a fine of five million euros after a data leak of 36.8 million users in March 2024, the CNIL announced on Thursday.
The operator then revealed that it had been the target of computer hackers who had extracted from a personal database identification information of job seekers then registered with France Travail but also “of people previously registered over the last 20 years”. Or “potentially” 43 million people.
After verifications and elimination of duplicates, this number was reduced to 36.8 million, France Travail told AFP. The sanction takes “into account the lack of knowledge of essential security principles, the number of people concerned, the volume and sensitivity of the data processed”, according to the CNIL.
The commission explains that the pirates “used techniques known as social engineeringconsisting of exploiting people’s trust, ignorance or gullibility. This method allowed them to usurp the accounts of Cap Emploi advisors, that is to say the structures responsible for supporting, monitoring and maintaining the employment of people with disabilities.
These Cap Emploi advisors have access to France Travail databases as part of a partnership between the two organizations.
“We regret the severity” of the decision
In its deliberation published on the Légifrance website, the CNIL notes in particular that “allowing attackers to test 50 different passwords before blocking the account increases the risk that one of their attempts will give them access to the account”.
“Regarding the robustness of passwords”, the CNIL asks France Travail “to justify compliance by implementing a password policy providing for mechanisms to restrict access to the account”. In a press release, the operator claims to be “fully aware of the seriousness of the events that occurred and the responsibility we have in terms of data protection. »
“Without contesting the CNIL’s decision, we nevertheless regret its severity,” adds France Travail. “Without waiting for the CNIL’s decision, we have already implemented the corrective measures requested, including double authentication for almost two years,” assures the operator.
The CNIL requested access restrictions for Cap Emploi advisors, attaching this injunction to a penalty of 5,000 euros per day of delay at the end of a period of one month after January 22, the date of notification of the fine.
https://www.myminifactory.com/users/Adeslasgo
https://articlescad.com/how-nabvio-reviews-products-without-hype-or-bias-42527.html
https://postheaven.net/6s86shvs12
https://disqus.com/by/findas_tokenomics/about/
https://pixabay.com/users/veterinarioadomiciliode-54227491/
https://iin.instructure.com/eportfolios/24002?verifier=v0Xid3D58SNGfduxwiGxJ29pfeDcyRWWTxA8AJjA
https://www.bizmaker.org/sofia-sofia-bulgaria/financial-services/findas-tokenomics
https://meisterbook.com/read-blog/18052
https://www.diigo.com/item/note/bpyq9/biao?k=b720f3615b3d0540587e803ec039dc08
https://pad.medialepfade.net/s/WML_D1kdl
https://md.chaospott.de/s/s2zFMTYAl
https://markdown.iv.cs.uni-bonn.de/s/XJam7mYZy
https://hedgedoc.stura-ilmenau.de/s/6fHGe-OQC
https://www.zoompo.com/thakral-hospital-gurugram/
https://pad.lamyne.org/s/pkVeLE8yR
https://global-networks.mn.co/posts/95333306
https://codimd.communecter.org/s/T2-sfD-f8
https://participa.favb.cat/profiles/adeslas_senior/activity
https://meta.diycities.jp/profiles/mejoresunaspermanent/followers
https://doc.projectsegfau.lt/s/fPcK8VBb2
https://rentry.co/h8mmu8zb
https://www.eslupsk.pl/ogloszenia,wyswietl,256038.html
https://erickgiif45556.dreamyblogs.com/39439330/what-sets-nabvio-apart-in-the-world-of-product-reviews
https://md.swk-web.com/s/5La0KsVB9
https://www.flickr.com/people/202347203@N06/