A hacker has compromised INSEE’s internal directory. Identity and professional contact details of 12,800 agents exposed, sensitive data spared. The black series from the French public digital service has one more episode.
In recent weeks, the Tchap messaging service, the Jeveuxaider.gouv.fr platform, the National Agency for Secure Titles and the Civic Service Agency have each suffered leaks or attacks at a rate that is starting to take a toll. Friday June 26, it was INSEE which joined this unenviable list, with an intrusion detected on June 19 on its internal directory.
The results cover approximately 12,800 people : current agents, former agents and members of the body of the institution. What was leaked was limited to identity and professional contact details (email address, office telephone number). Sensitive data (passwords, bank details, social security numbers, health data) are outside the scope, as are the statistical data collected as part of INSEE’s missions to companies and individuals.
In the process, INSEE secured its access with the HFDS of the Ministry of the Economy and theTRAPnotified the CNIL under the GDPR and filed a complaint with the public prosecutor. The claim of an actor under the pseudonym “Saturn” on a cybercriminal forum is circulating without having yet been independently verified; the intrusion itself, on the other hand, is.
INSEE reminds that it never requests payment for registration in the Sirene directory, nor bank details or passwords. Any messages claiming the opposite in the coming weeks deserve to be treated with the greatest suspicion. The government announced a plan to 200 million euros to strengthen the cybersecurity of administrations within the framework of the NIS 2 directive. Its precise financing remains, curiously, still to be detailed.
👉🏻 Follow tech news in real time: add 01net to your sources on Google, and subscribe to our WhatsApp channel.
Source :
INSEE/Cyberattack.org
