The personal data of more than 10 million job seekers are for sale on the "dark web" for only $ 900, after the hacking of a provider of Pôle emploi, confirmed several cyber experts Friday. Like the hospitals of Versailles, Corbeil-Essonnes or Rennes, or the municipalities of Lille and Marseille, it is the turn of Pôle emploi to have been the target of hackers, after a leak revealed this week by the organization.
"A well-known hacker, specialist in selling databases that he hacks or buys, put up for sale on August 8 a database of Pôle emploi dated 2022, of 10.2 million users, which he sells for $ 900," said Damien Bancal of the site Zataz.com, one of the best experts in reporting data theft. To attract customers, the hacker even published samples.
Cybersecurity expert Clement Domingo, aka @_SaxX_ on X (formerly Twitter) also reports the sale of this data for $ 900 on a hacker forum. "On August 8 we found a first database, it was updated with much more information on the 21st," he added.
"Do not hesitate" to consult your advisor "in case of doubt"
An investigation has been opened by the cybercrime section of the Paris prosecutor's office for fraudulent introduction and maintenance in an automated data processing system.
Pôle emploi had called Wednesday job seekers to vigilance, after "an act of cybermalevolence" of which one of its service providers, the company Majorel, was a victim. The organization had claimed that this data leak concerned "people registered in February 2022 and people in cessation of registration for less than 12 months, potentially 10 million people".
"The February 2022 file that we were able to identify and which allowed us to trace back to the provider victim of this act of cybermalevolence contains the name, first name, and NIR (Social Security number). No other sensitive information (email, telephone or bank details) appears in this file. Our service provider does not have this information, "said Friday the general management of Pôle emploi.
The organization calls on users to "be extremely vigilant" and "do not hesitate to contact their advisor or call 39 49 in case of doubt".
"A vast campaign of cyberattacks following software piracy"
"In May, there was a vast campaign of cyberattacks following the hacking of software used by this Pôle emploi provider. A global flaw has been used by these malicious actors - the Clop group - to affect more than 500 organizations around the world, including Pôle emploi," says Clément Domingo. ING, Deutsche Bank and Commerzbank were also targeted, notes Damien Bancal
Other cybercriminals can buy this data on the dark web, for example to launch more effective phishing campaigns. With a social security number, you can send your owner a credible SMS asking him to update his Carte Vitale.
" READ ALSO Versailles : the scam to the false SMS of the Health Insurance makes him lose 4,000 euros
The goal is to trick the victim into clicking on a malicious link, which for example installs software on their computer that encrypts their files, and then demand a ransom to unlock them. Medical data makes it possible to exert blackmail, tax data to be sent money for an imaginary tax reminder, etc. Even worse, a complete identity dataset can be used to steal an identity, for example to open an online bank account or send traffic fines back to a stranger.
By November 2024, the European NIS2 directive will require thousands of companies and administrations to strengthen their cybersecurity.