
Threat Actors Claim Theft of HR and Medical Records from Sage-owned AKAOLIFE

Last updated: June 26, 2026
  • A hacker claims to have breached AKAOLIFE, a French HR software firm recently acquired by Sage.

  • The breach allegedly exposes 14.4 million lines of data, including sensitive HR and medical files.

  • Over one million individuals, including France Travail employees, are potentially affected.


A new and alarming data breach has reportedly rocked the French public employment service, France Travail. This time, the breach appears to stem from its technology partner, AKAOLIFE.

The cybercriminal group, using the pseudonyms ChimeraZ and misere, has claimed responsibility for the attack on a dark web forum. They assert they have stolen a massive 60 gigabytes of data from AKAOLIFE, a digital solutions company recently bought by the UK software giant Sage.

The potential scale of the data exposed is staggering. The hackers claim to have extracted nearly one million HR files, over a million professional mobility records, and thousands of sensitive occupational health documents.

Indeed, this is not the first large-scale data breach to occur in the past few months, as France Travail has recently been penalized with a fine of €5 million for a data breach that affected 36.8 million users.

Details of the Alleged Data Cache

The attackers’ post on the dark web suggests they stole the following information:

  • 966,816 HR files containing administrative and professional employee information.
  • 1,003,047 professional mobility files, which include career histories and applications.
  • 38,138 occupational health files, potentially containing medical examination records.
  • 3,747 files related to disability situations.
  • 26,684 accounts linked to @pole-emploi.fr and @francetravail.fr email addresses, including their authentication information.

The hackers also claim to have extracted 60 GB of SQL backups and the source code for the various applications used by AKAOLIFE. They also attached a ransom letter asking the company to pay $1,000 (approx. €930) in Monero cryptocurrency for them to delete the stolen data. According to the note, if the company fails to pay, they’ll release the information online.

What this Means for Potential Victims

The combination of personal identifiers, employment records, and sensitive medical data leaves those affected susceptible to fraud. As the French media outlet Zataz reports, the hackers bragged about how easily they pulled off the attack.

The risks are particularly acute in sectors handling medical data. Spain’s private healthcare sector has also come under attack, with the SafePay ransomware group launching a campaign targeting healthcare providers.

The hackers described finding a single server housing eight AKAOLIFE-related sites, with an administrator password that was reused across multiple applications. The hacker even claimed to have found evidence of two other groups that had previously breached the infrastructure.

While neither AKAOLIFE nor France Travail has officially confirmed the breach, the detailed nature of the claims makes this a credible threat. The kind of confidential information the actor has described in their post (names, professional contacts, employment information, and medical records) is valuable to hackers.

It puts everyone whose data France Travail may have handled at risk of identity theft, phishing attacks, and other targeted scams.

If you’ve ever used France Travail or related services, now is the time to stay alert. Beware of any emails, calls, or text messages you receive out of the blue claiming to be from France Travail and other institutions.


About the Author

Joahn G


Cyber Threat Journalist

Joahn is a cyber threat journalist dedicated to tracking the evolving landscape of digital risks. His reporting focuses on ransomware gangs, data breach incidents, and state-sponsored cyber operations. By analyzing threat actor motives and tactics, he provides timely intelligence that helps readers understand and anticipate the security challenges of tomorrow.
