Overview
- The public agency reports that data were extracted in Monday’s intrusion but has not verified how many accounts are affected or which data types were taken.
- Cybercriminal group Stormous claims to hold about 30 GB from more than 30,000 registrants, alleging access to credentials, identity documents, contact details and bank information.
- Investigators are examining a vector involving stolen identifiers harvested from malware on beneficiaries’ own devices rather than a direct breach of central servers.
- Some files tied to the incident are already visible on the dark web, and experts warn the data could enable identity fraud, including opening bank accounts or taking out loans.
- The attack follows earlier breaches at France Travail, including a major 2024 leak and another this summer, as critics question detection and endpoint security across institutions.