France hit by major cyberattack: Up to 1.2 million Urssaf users affected

Social security numbers and other information stolen from Pajemploi service

The social charges body will contact individuals who had their data stolen
Zane Lilley Zane Lilley
Published

TRENDING

French social charges body Urssaf has been hit by a major cyberattack affecting up to 1.2 million people. 

A recent data breach of employers on the Pajemploi service – used by parents to pay childminders – was announced yesterday (November 17).

The hack may have affected up to 1.2 million employees of private employers using the Pajemploi service, Urssaf said in a statement.

Information potentially taken includes:

  • First and last name

  • Date and place of birth

  • Address

  • Social security number

  • Bank name

  • Pajemploi number, and accreditation number

Urssaf adds that bank account numbers (IBANs), email addresses, phone numbers, or login passwords were not compromised. 

“As soon as the incident was identified, we immediately took the necessary measures and mobilised all teams to identify the causes, resolve the breach, and strengthen the protection of our information systems,” it states.

Users who had their data stolen will be contacted by Urssaf individually, it adds.

The Pajemploi system itself was not affected and will continue to work as normal. There will be no effect on the process of declaring or paying wages.

Phishing scams expected 

Urssaf reported the incident, which took place on November 14, to France’s data protection authority (Commission nationale de l’informatique et des libertés, CNIL), the national cybersecurity agency, and filed a criminal complaint with the public prosecutor. 

It is likely that hackers will look to sell the data online to scammers, who then use it for phishing’ scams.

Fraudsters may pose as officials – including Urssaf workers – using the information gained from the date breach to convince people that they are legitimate. 

Phishing scams often use forceful tactics in an attempt to panic victims, telling them they must carry out actions immediately or risk penalties. 

“Urssaf recommends that everyone exercises increased vigilance against the risk of fraudulent emails, text messages, or calls,” it says. 

It asks users of the service with any questions to contact the team via pajemploi.donnees.personnelles@urssaf.fr or by calling 0809 541 896.

scam french news

More from The Connexion