**FRANCE FINES UNEMPLOYMENT AGENCY €5 MILLION OVER MASSIVE DATA BREACH**

A French national employment agency has been slapped with a €5 million fine by the country's data protection authority for failing to secure job seekers' sensitive information, which was stolen by hackers in a massive data breach affecting 43 million people.

The National Commission on Informatics and Liberty (CNIL) imposed the penalty on France Travail (formerly known as Pôle Emploi), the public employment service that provides unemployment benefits and helps job seekers find work. The agency's databases contain extensive personal and financial information for millions of French citizens, making them a prime target for cyber attackers.

The data breach occurred in early 2024, when hackers used "social engineering" techniques to gain access to the France Travail information system. They exploited people's trust, ignorance, or credulity to hijack the accounts of CAP EMPLOI advisers, who are responsible for supporting and monitoring the employment of people with disabilities.

According to the CNIL, the attackers managed to steal sensitive data including names, dates of birth, national insurance numbers, email addresses, home addresses, phone numbers, and potentially health-related information. However, the breach did not affect bank details or account passwords, nor did the hackers obtain complete job-seeker files.

The French government agency disclosed in March 2024 that up to 43 million individuals were affected by the data breach, which spanned two decades. This is the second major security incident to hit France Travail in recent years, following a massive data breach in August 2023 that affected approximately 10 million individuals.

In response to the latest data breach, CNIL ordered France Travail to document corrective measures and provide a detailed implementation schedule for addressing its security issues. Failure to comply with the order will result in daily penalties of €5,000 until the government agency demonstrates that it has remedied its security vulnerabilities.

The €5 million fine imposed on France Travail is part of a growing trend of large-scale data breaches and subsequent fines levied by the CNIL. In recent months, the authority has slapped Google with a €325 million fine for violating cookie regulations, imposed a €150 million fine on Shein's Irish subsidiary for similar GDPR violations, and fined Free Mobile and its parent company €42 million after a massive data breach in October 2024.

With the rise of connected services and the increasing reliance on sensitive personal information, cybersecurity threats are becoming an ever-present concern. As more organizations grapple with the challenge of protecting customer data against cyber threats, it remains to be seen whether France Travail's latest fine will serve as a deterrent or merely another instance in a long line of security incidents.