Leak at France Travail
In late October 2025, France Travail — France's public employment agency — disclosed a breach in which attackers used credentials harvested by infostealer malware to access job-seeker accounts and exfiltrate sensitive personal, identity and financial data; about 16,479 affected records were catalogued.
- Victim
- France Travail
On 29 October 2025, France Travail — France's national public employment agency (formerly Pôle Emploi) — confirmed that data had been extracted from job-seeker accounts following a cyberattack disclosed earlier that week. Rather than breaching the agency's core infrastructure directly, the attackers used login credentials harvested by infostealer malware running on job seekers' personal computers, then replayed them in a credential-stuffing campaign to log into individual accounts and exfiltrate the documents stored there.
The intrusion was claimed by the pro-Russian group Stormous, which boasted of tens of thousands of compromised accounts and roughly 30 GB of stolen data. France Travail confirmed that data had genuinely been extracted but could not, at that stage, validate the attackers' figures. The breach record catalogues about 16,479 affected individuals whose authentication data appeared in plaintext.
Exposed data categories included:
- Civil-status details, postal address, phone number and email
- National ID card scans
- Bank details (RIB)
- Employment contracts and tax notices
- Social Security attestations, training certificates and work authorizations
France Travail filed a criminal complaint and notified France's data-protection regulator (CNIL), which opened an investigation. This was at least the third reported security incident at the agency in under two years, following the March 2024 breach affecting up to 43 million people and a July 2025 incident hitting hundreds of thousands of job seekers. The investigation remained ongoing at the time of disclosure.
Sources
- francebleu.frhttps://www.francebleu.fr/infos/faits-divers-justice/le-site-de-france-travail-victime-d-une-cyberattaque-lundi-des-donnees-ont-ete-extraites-9504464
- zataz.comhttps://www.zataz.com/france-travail-revendication-dexfiltration-par-credential-stuffing/
- usine-digitale.frhttps://www.usine-digitale.fr/article/france-travail-de-nouveau-victime-d-une-cyberattaque-la-troisieme-en-moins-de-deux-ans.N2240612