Leak at France Travail
France Travail disclosed on 22 July 2025 that an intrusion via its Kairos platform exposed the personal data of around 340,000 job seekers, including names, postal and email addresses, phone numbers, France Travail IDs and jobseeker status; passwords and bank details were not affected.
- Victim
- France Travail
- records
- 340.0K
On 22 July 2025, France Travail — France's national public employment agency (formerly Pôle Emploi) — notified users that an unauthorized intrusion had exposed the personal data of roughly 340,000 job seekers. The compromise was traced to Kairos, the platform France Travail uses with partner training organizations, and was flagged to the agency by CERT-FR (ANSSI) after activity detected around 12–13 July.
The attack was not a direct breach of France Travail's core systems. Instead, attackers abused a legitimate user account belonging to a training organization based in the Isère department, whose credentials had been stolen by infostealer malware. Using that compromised partner access, they were able to query and extract jobseeker records through Kairos.
Exposed data categories:
- First and last name
- Date of birth
- France Travail identifier
- Email and postal address
- Phone number
- Jobseeker status
France Travail stated that passwords and banking details were not affected. As an immediate response, the agency temporarily took its "employment" portal and Kairos offline (services restored around 24 July), filed a criminal complaint, notified the CNIL under the GDPR, and accelerated the rollout of two-factor authentication for Kairos — originally planned for later — to harden partner access. The CNIL opened an investigation and issued guidance to affected users on guarding against phishing and identity fraud. This was a separate, smaller incident from the much larger March 2024 France Travail/Cap Emploi breach.
Sources
- francetravail.orghttps://www.francetravail.org/accueil/communiques/2025/le-reseau-des-missions-locales-et-france-travail-appellent-a-la-vigilance-apres-un-acte-de-cyber-malveillance.html
- cnil.frhttps://www.cnil.fr/fr/france-travail-la-cnil-enquete-sur-la-fuite-de-donnees-et-donne-des-conseils-pour-se-proteger
- techradar.comhttps://www.techradar.com/pro/security/french-government-agency-breach-may-have-exposed-data-on-340k-jobseekers
- infosecurity-magazine.comhttps://www.infosecurity-magazine.com/news/france-data-breach-jobseekers/