On January 22, 2026, France’s data protection authority, the CNIL, imposed a €5 million fine on France Travail for failing to properly secure the personal data of job seekers following a major 2024 breach. Investigators found that social engineering against CAP EMPLOI adviser accounts, weak authentication, overly broad permissions and poor monitoring allowed attackers to access 20 years of records, prompting the CNIL to order corrective measures and threaten additional daily penalties if improvements are not made.
Key points
- The CNIL fined France Travail €5 million for inadequate data security under GDPR Article 32.
- A 2024 social engineering attack against CAP EMPLOI adviser accounts enabled the breach.
- Attackers accessed 20 years of records, including national insurance numbers, email, postal addresses and phone numbers.
- Investigators highlighted weak authentication, excessive adviser permissions and insufficient logging and monitoring.
- France Travail had identified measures earlier but failed to implement them, and now faces required remediation with potential €5,000/day penalties for delays.
Read More: https://thecyberexpress.com/cnil-fine-on-france-travail/