Hackers steal personal data of 43 million French job seekers
Friday, March 15, 2024
The attack hasn't yet been claimed, nor the data leaked. An initial investigation suggests the attackers are believed to have gained access in early February by impersonating a Cap Emploi civil service officer.
Dr Ilia Kolochenko, CEO at ImmuniWeb and adjunct professor of cyber security at Capital Technology University, said the timeframe of the breach is a particular point of concern, with the intrusion reportedly lasting around a month.
“Exfiltration of 43 million records is a quite 'noisy' event that should have normally been detected much faster," Kolochenko said. "While other technical details of the data breach remain unknown for the time being, it is perfectly conceivable that hackers could stealthily stay inside for the entire month, compromising and backdooring other internal systems with more sensitive data.
“Even if the currently disclosed scope of the data breach is eventually confirmed, the already compromised data can – and quite probably will – be exploited in spear phishing, account takeover and other cyberattacks against the concerned individuals."
CNIL is warning those affected to remain vigilant over the potential threat of phishing attacks, and has advised at-risk individuals to avoid opening suspect email attachments or sharing passwords and banking details. Read Full Article
SourceSecurity: ImmuniWeb launches cybersecurity compliance service
SecurityWeek: Cyber Insights 2024: A Dire Year for CISOs?