Overview
- France Travail detected unauthorized access on July 12 through the Kairos training application and closed the portal immediately
- Notifications began on July 22 to inform 340,000 job seekers that their names, birthdates, France Travail identifiers, email and postal addresses, and phone numbers were exposed
- Investigators traced the breach to an infostealer malware infection on a third-party training provider’s account in Isère
- France Travail has filed a formal complaint and alerted the CNIL while ANSSI leads the technical inquiry
- The Kairos portal is slated to reopen July 24 and multi-factor authentication deployment has been fast-tracked ahead of its original October 2025 schedule