Skip to content
Data breachContained

Leak at France Travail

On 6 October 2025, France Travail — France's national public employment agency — was hit by one of several 2025 data leaks, with personal records of roughly 5,500 job seekers exposed, including names, France Travail IDs, registration categories, email addresses, RSA welfare status and CIR identifiers.

Victim
France Travail

On 6 October 2025, France Travail — France's national public employment agency (formerly Pôle Emploi) — was reported to have suffered another data leak, one of a string of incidents the agency disclosed throughout 2025. This particular event exposed the personal records of roughly 5,500 job seekers. It is distinct from the larger, separately documented France Travail breaches of 2025 (notably the ~31,000-account theft claimed by the Stormous group in late October and the July compromise affecting some 340,000 people).

Across France Travail's 2025 incidents, attackers did not breach the agency's core infrastructure directly. Instead, leaks stemmed from compromised credentials and access — typically harvested by infostealer malware on job seekers' personal devices or via abused partner/agent accounts — used to log into claimant spaces and extract user data. The exposed records were subsequently circulated on cybercrime channels.

The data exposed in this leak included:

  • First and last name
  • France Travail identifier
  • Registration category
  • Email address
  • RSA (revenu de solidarité active) welfare status
  • CIR identifier

Although banking details and passwords were not part of this particular set, the combination of identity data, contact details and benefits status creates a meaningful risk of targeted phishing and identity fraud. France Travail urged affected job seekers to stay vigilant against fraudulent messages. France's data protection authority, the CNIL, opened investigations into the agency's repeated 2025 breaches and, in January 2026, fined France Travail €5 million for failing to adequately protect job seekers' personal data.

Sources

  1. cnil.frhttps://www.cnil.fr/fr/france-travail-la-cnil-enquete-sur-la-fuite-de-donnees-et-donne-des-conseils-pour-se-proteger
  2. cnil.frhttps://www.cnil.fr/en/data-breach-5million-fine-france-travail
  3. francetravail.orghttps://www.francetravail.org/accueil/communiques/2025/le-reseau-des-missions-locales-et-france-travail-appellent-a-la-vigilance-apres-un-acte-de-cyber-malveillance.html?type=article

Related incidents

Data breachContained

Leak at France Travail

On 1 December 2025, France Travail and the Missions Locales network disclosed that an attacker who hijacked a local-mission agent's account accessed records of about 1.6 million young people, exposing names, dates of birth, social security numbers and contact details.

Victim
France Travail
Records
1.6M
Data breachUnknown

Leak at France Travail

On 25 September 2025, a leak attributed to France Travail, France's public employment agency, exposed the personal data of about 9,971 job seekers, including their email addresses, names and the email address of their assigned advisor.

Victim
France Travail
Records
10.0K
Data breachContained

Leak at France Travail

On 12 August 2025, France Travail, France's public employment agency, disclosed unauthorized access to its employer-facing job portal that exposed the contact details of business users — names, email addresses, phone numbers and an internal technical identifier.

Victim
France Travail
Credential stuffingOngoing

Leak at France Travail

In late October 2025, France Travail — France's public employment agency — disclosed a breach in which attackers used credentials harvested by infostealer malware to access job-seeker accounts and exfiltrate sensitive personal, identity and financial data; about 16,479 affected records were catalogued.

Victim
France Travail