HubEE is not a household name among the general public. However, it is a platform that plays a key role in the dematerialization of administrative procedures. Operated by the Interministerial Digital Directorate, it serves as a gateway for exchanging documents between different administrations, in particular for procedures accessible via Service-public.gouv.fr.
An invisible but essential platform for online procedures
The intrusion was detected on January 9. By that time, the attackers had already had time to vacuum up tens of thousands of documents. According to DINUM, around 70,000 files were affected, representing a total of 160,000 files. Some contain personal data, including “identification data and, where applicable, supporting documents”, as indicated in the email addressed to impacted users and relayed by cybersecurity expert Clément Domingo.
An important clarification: Service-public.gouv.fr was not directly compromised, as Clubic reported. The attack targeted a technical subcontractor, in this case HubEE, but its consequences affect users who have carried out online procedures in recent months. As soon as the breach was discovered, the DINUM teams cut off the attacker’s access and initiated precautionary measures. Strengthening the authentication and flow monitoring mechanisms took several days; the platform was not fully returned to service until January 12.
Among the decisions taken: a general reset of HubEE user passwords and mandatory two-factor authentication via the mobile application for administrator accounts. These are very ordinary corrective measures, and they unfortunately come after the fact. Four organizations are particularly affected by this leak: the Directorate of Legal and Administrative Information, the General Directorate of Social Cohesion, the General Directorate of Health and the National Family Allowance Fund. These structures are currently working with DINUM to inform the users concerned.
The regulatory procedure has been initiated: notification to the National Commission for Information Technology and Liberties, alert to the National Information Systems Security Agency, information to the Prime Minister and filing of a complaint with the judicial police on January 12. At this stage, no publication of the stolen data has been noted, but active monitoring is in place.
DINUM apologizes to affected users and calls on them to be vigilant, particularly in the face of phishing attempts likely to exploit stolen information. Notified persons can also contact the legal department of the administration via the address (email protected).
