It was the staggering number, revealed last weekend by the specialized site Zataz, of data of job seekers hacked and put up for sale on a forum.
Nestled on the Darknet, it is known, according to our information, to do some shady transactions there.
What trigger a panic at the operator and a lot of anxiety among the unemployed.
According to the first elements of the investigation opened last Friday by the services of Jean Bassères, the boss of Pôle Emploi, with the assistance of the National Agency for the Security of Information Systems, "the data leak" "would concern this stage ten times less people than envisaged ”, indicates to us his entourage. In other words, around 120,000 unemployed, which is already a lot. As for the hypothesis of a cyberattack, it is for the time being put aside. “This leak would be due to human actions, but at this stage, it is not yet possible to determine the origin. "
It was on June 10, a date confirmed by Pôle emploi, that this offer to sell the database was put online for $ 1,000 (around 840 euros) and withdrawn at the weekend.
"Usernames, passwords, social security number and payment information are not affected by the data leak," says Pôle Emploi, which nevertheless warns job seekers about possible phishing.
“Although there is no risk on compensation, nor on access to the personal space of people on Pole-emploi.fr, the people concerned are advised to remain vigilant in the face of fraudulent job offers. and proposals for updating their situation by email, SMS or sites external to Pôle emploi.
Unemployed concerned informed
Clearly, this means that the data of the "profile" of the unemployed indicated on the space open to employers are, they, well concerned. This is his name, first name, telephone number, email address, home address, professional experience, names of former employers, diplomas. "We were alerted to the hacking during the night from Friday to Saturday when the computer update of the Pôle Emploi software was carried out, so at a time of computer fragility," says an official of the CGT unemployed. "Last March, we had already lifted the hare and seized the management on this IT flaw and on another used by hackers on the space devoted to employers, which gives access to all the profiles of the unemployed", continues- he.
Concretely, a swindler who creates a fake Siret company account can have access to all the profiles of the unemployed, the time when the check on his account has not yet been carried out. In the old system, when employers wanted to have access to the profiles of the unemployed, it was the Pôle Emploi agent who made a preselection and granted a “Pass” allowing certain data to be viewed. For about ten years, access has been done without the intervention of agents.
The operator has already informed the first unemployed victims of the piracy. "It will do the same when its investigations have been carried out and made it possible to identify all the people concerned", adds Pôle emploi. The issue of personal data security will also be on the menu of the next national liaison committee on June 23, which brings together all the representatives of the defense of the unemployed.