A data leak claim tied to French employment services could reach into some of the most personal parts of a worker’s file.
Hackers using the aliases misere and ChimeraZ claim they obtained more than 1 million records from employment-related applications connected to the France Travail ecosystem, including files tied to HR, mobility, and workplace health processes.
The exposed information could give criminals enough workplace context to make scam emails, calls, or messages sound credible.
Worker files, health records, and passwords appear in the leak
FrenchBreaches identified the applications as tied to AKAOLIFE and FILDIRECT-RH. Data listed in the claim spans 14.4 million lines, nearly 60GB of database backups from 39 databases, and more than 10,000 source files. The largest named sets include:
- 966,816 HR files
- 1,003,047 professional mobility files
- 38,138 workplace health monitoring files
- 3,747 disability-related files
- 26,684 accounts with passwords allegedly stored in plain text
The leak also lists application code, website security keys, Windows login data, and configuration files, raising the risk that the exposed systems could face further abuse.
Sensitive details sit inside the employment records
A worker file can expose a person’s life inside an organization, not just their contact details.
FuitesInfos said the records appear to include:
- Names, birth dates, addresses, emails, and phone numbers
- French social security numbers, employee IDs, and professional identifiers
- Job history, grades, assignments, and seniority
- Internal applications, mobility requests, and recruiter comments
The aliases behind the claim have appeared in other breach reports this month. ChimeraZ was recently linked to an alleged leak involving Krys, a local optical retailer, while misere was tied to France’s Tchap breach, which reportedly exposed 650,000 messages and 73,000 accounts.
Must-read security coverage
Scam risks for affected French workers
For affected workers in France, the main risk is impersonation. An attacker could pose as an HR team or a recruiter. Another route would be a fake message from a public-service contact or workplace health office.
A convincing message could refer to a real job history or a mobility request. From there, a scammer could send a fake login page. They could also ask for identity documents.
Plaintext passwords add a separate risk. Anyone who reused a work password elsewhere should change it and turn on multi-factor authentication.
Unexpected requests about employment records, medical visits, or disability paperwork should be checked through an official channel before sending documents or login details.
Related reading: A malware network linked to 27 million stolen logins has been taken down in a coordinated Europol-Microsoft operation.
Read the full article here
