Skip to content
Supply chainContained

Leak at France Travail

France Travail disclosed on 22 July 2025 that an intrusion via its Kairos platform exposed the personal data of around 340,000 job seekers, including names, postal and email addresses, phone numbers, France Travail IDs and jobseeker status; passwords and bank details were not affected.

Victim
France Travail
records
340.0K

On 22 July 2025, France Travail — France's national public employment agency (formerly Pôle Emploi) — notified users that an unauthorized intrusion had exposed the personal data of roughly 340,000 job seekers. The compromise was traced to Kairos, the platform France Travail uses with partner training organizations, and was flagged to the agency by CERT-FR (ANSSI) after activity detected around 12–13 July.

The attack was not a direct breach of France Travail's core systems. Instead, attackers abused a legitimate user account belonging to a training organization based in the Isère department, whose credentials had been stolen by infostealer malware. Using that compromised partner access, they were able to query and extract jobseeker records through Kairos.

Exposed data categories:

  • First and last name
  • Date of birth
  • France Travail identifier
  • Email and postal address
  • Phone number
  • Jobseeker status

France Travail stated that passwords and banking details were not affected. As an immediate response, the agency temporarily took its "employment" portal and Kairos offline (services restored around 24 July), filed a criminal complaint, notified the CNIL under the GDPR, and accelerated the rollout of two-factor authentication for Kairos — originally planned for later — to harden partner access. The CNIL opened an investigation and issued guidance to affected users on guarding against phishing and identity fraud. This was a separate, smaller incident from the much larger March 2024 France Travail/Cap Emploi breach.

Sources

  1. francetravail.orghttps://www.francetravail.org/accueil/communiques/2025/le-reseau-des-missions-locales-et-france-travail-appellent-a-la-vigilance-apres-un-acte-de-cyber-malveillance.html
  2. cnil.frhttps://www.cnil.fr/fr/france-travail-la-cnil-enquete-sur-la-fuite-de-donnees-et-donne-des-conseils-pour-se-proteger
  3. techradar.comhttps://www.techradar.com/pro/security/french-government-agency-breach-may-have-exposed-data-on-340k-jobseekers
  4. infosecurity-magazine.comhttps://www.infosecurity-magazine.com/news/france-data-breach-jobseekers/

Related incidents

Data breachContained

Leak at France Travail

On 1 December 2025, France Travail and the Missions Locales network disclosed that an attacker who hijacked a local-mission agent's account accessed records of about 1.6 million young people, exposing names, dates of birth, social security numbers and contact details.

Victim
France Travail
Records
1.6M
Credential stuffingOngoing

Leak at France Travail

In late October 2025, France Travail — France's public employment agency — disclosed a breach in which attackers used credentials harvested by infostealer malware to access job-seeker accounts and exfiltrate sensitive personal, identity and financial data; about 16,479 affected records were catalogued.

Victim
France Travail
Data breachContained

Leak at France Travail

On 6 October 2025, France Travail — France's national public employment agency — was hit by one of several 2025 data leaks, with personal records of roughly 5,500 job seekers exposed, including names, France Travail IDs, registration categories, email addresses, RSA welfare status and CIR identifiers.

Victim
France Travail
Data breachUnknown

Leak at France Travail

On 25 September 2025, a leak attributed to France Travail, France's public employment agency, exposed the personal data of about 9,971 job seekers, including their email addresses, names and the email address of their assigned advisor.

Victim
France Travail
Records
10.0K