Skip to content
Data breachContained

377,418 jobseekers - data leak at Choisir le service public

France's state recruitment portal Choisir le service public disclosed in early February 2026 a breach exposing the application profiles of 377,418 candidates after attackers abused a compromised manager account; names, contact details, birth dates and career data were leaked and offered for sale.

Victim
Choisir le service public (Gouv.fr)
records
377.4K

On 3 February 2026, Choisir le service public β€” the French state's central recruitment portal for public-sector jobs β€” disclosed a data breach affecting 377,418 registered candidates. The intrusion was traced to the fraudulent use of a manager (administrator) account, which gave the attackers access to the full pool of applicant files. The platform temporarily suspended candidate logins and application submissions for several days while it secured the site.

The exposed records consisted of the candidates' application profiles rather than account credentials. According to the platform's notice, no candidate passwords, CVs or other uploaded attachments were compromised.

The leaked data categories included:

  • Identity details: surname, first name and date of birth
  • Contact information: postal address, email address and phone number
  • Education and academic history, including level of study
  • Professional-project data: type of job sought, desired employment category, languages spoken and geographic preferences

The stolen database was reportedly put up for sale on the dark web, with information on roughly 1,000 victims published as a sample. The operator notified the CNIL and ANSSI, indicated it would file a criminal complaint, and warned candidates of an elevated risk of identity theft and highly targeted phishing built on their professional backgrounds. The platform was restored after the security measures, leaving the incident contained.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-03-choisir-le-service-public-gouv-fr
  2. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-15-service-public-gouv-fr
  3. journaldugeek.comhttps://www.journaldugeek.com/2026/01/19/cyberattaque-sur-hubee-letat-reconnait-une-fuite-de-donnees-sensibles/
  4. incyber.orghttps://incyber.org/article/fuite-donnees-touchant-377-418-candidats-plateforme-choisir-le-service-public/
  5. generation-nt.comhttps://www.generation-nt.com/actualites/fuite-donnees-service-public-candidats-cyberattaque-phishing-2070945
  6. solutions-numeriques.comhttps://www.solutions-numeriques.com/fuite-de-donnees-la-plateforme-choisir-le-service-public-compromise/

Related incidents