-
Thousands of litres of fuel spill into fields in Normandy after tanker overturns
Tests are being carried out into risk of pollution of local water supplies to homes
-
Speed limits to (mostly) drop to 30 km/h in this French city
The new measure will improve noise and pollution, improve safety and encourage cycling, say local authorities
-
Thousands of French parking fines cancelled after IT bug
The fines had been issued in error after IT system was privatised
Receive family benefits in France? Why you must change your password
A hacker group claims it has access to 600,000 accounts
Everyone who receives benefits from the Caisse d'allocations familiales (Caf) has to change their password due to the activity of hackers who claim to have access to hundreds of thousands of accounts.
Caf, which organises the payment of family, housing and disability benefits, as well as the prime d’activité, revealed the data breach on February 23.
“After several days of investigations, we have identified a data breach,” it said in a statement.
“Several thousand accounts have been visited illegally. Ill-intentioned individuals have connected to these accounts using our beneficiaries’ real passwords that have been usurped and made available on the darkweb.”
The hack is not believed to be related to the data breach of 33 million social security numbers taken from the payment systems of insurance top-up providers announced on February 2.
What has happened to the Caf website?
The hacker group, known as LulzSec, claims to have access to 600,000 accounts, which could allow them to access beneficiaries’ personal information, including revenues and benefit rights. However, the Caf has not confirmed the extent of the breach.
Indeed, it reports that its website has been “in no way compromised” and that the beneficiaries passwords were likely breached by some other means than hacking.
Nonetheless, the Caf has informed the French data protection watchdog la Commission nationale de l'informatique et des libertés (CNIL) about the issue and an investigation has been launched.
The hackers are not believed to have access to bank details or the ability to divert benefit payments to other accounts.
“To change bank details online requires an additional security check to verify that the request is legitimate,” announced the CNIL. “In case of any doubt, the request must be validated by Caf personnel”.
‘Everyone has to change their password’
“All people whose accounts have been compromised are being contacted and their passwords re-initialised to prevent further access by unauthorised individuals,” announced the Caf.
In addition, the Caf says that everyone with an account must change their passwords as a precaution from March 8.
This means that anyone accessing the Caf website will be invited to reset their passwords. It advises people to set a password of at least 10 characters with a mix of capital and lowercase letters, numbers and symbols.
People whose accounts were compromised are potentially at risk from further attacks, particularly if they use the same password on several websites.
They also face the threat of directed phishing attempts in which scammers use knowledge of their personal data to convince victims to agree to making payments or purchases.
Read more
Benefit controls in France: Criticism of how people are selected
Benefits in France: revenu de solidarité active (RSA) for work seekers
Millions of workers in France can receive up to €600 a month in aid