{"id":4328,"date":"2026-01-31T06:38:24","date_gmt":"2026-01-31T06:38:24","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/01\/31\/france-fines-national-employment-agency-e5m-over-2024-data-breach\/"},"modified":"2026-01-31T06:38:24","modified_gmt":"2026-01-31T06:38:24","slug":"france-fines-national-employment-agency-e5m-over-2024-data-breach","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/01\/31\/france-fines-national-employment-agency-e5m-over-2024-data-breach\/","title":{"rendered":"France Fines National Employment Agency \u20ac5m Over 2024 Data Breach"},"content":{"rendered":"
\n

The French employment agency, France Travail, has received a \u20ac5m ($6m) fine for security failures that led to the compromise of an estimated 43 million jobseekers.<\/p>\n

In a public statement on January 29, 2026, France\u2019s data protection regulator, the Commission Nationale de l\u2019Informatique et des Libert\u00e9s (CNIL), said it issued sanctions against France Travail following an investigation into the data breach.<\/p>\n

France Travail Breach: Personal Data of 43m Users at Risk<\/strong><\/h2>\n

In March 2024, France Travail announced that its IT systems and those of Cap Emploi, a government employment service that supports people with disabilities, were breached.<\/p>\n

According to France Travail, exposed personal data included names, social security numbers, dates of birth, user IDs, email and postal addresses, and phone numbers of France Travail and Cap Emploi users.<\/p>\n

However, the attackers did not gain access to any jobseekers\u2019 complete France Travail files nor any healthcare data.<\/p>\n

The data breach could affect users who registered on Cap Emploi over the past 20 years, representing 43 million potential users\u2019 data exposed.<\/p>\n

\n

Following the incident, the Paris\u00a0public prosecutor’s office announced that the French police arrested three individuals, all based in France and aged 21, 22 and 23 at the time. They were suspected to be behind the breach.<\/p>\n

A judicial investigation was opened relating to charges of “fraudulent access to and maintenance of an automated data processing system, extraction of such data, fraud and money laundering.”<\/p>\n<\/div>\n

France Travail\u2019s Response Violated GDPR, Regulator Says <\/strong><\/h2>\n

The CNIL opened another investigation to determine whether sufficient data security measures were in place in compliance with the EU\u2019s General Data Protection Regulation (GDPR).<\/p>\n

This investigation concluded on January 22, 2026. It found multiple security and organizational issues at France Travail and said the agency \u201cfailed to secure the personal data of jobseekers.\u201d<\/p>\n

Specifically, The CNIL found the following France Travail shortcomings:<\/p>\n