Large Scale Data Breach Exposes Info of Nearly Half of France’s Working Population

A massive data breach at a French employment agency is affecting over 43 million users – representing more than half of France’s total population.

A large-scale data breach has compromised the personal information of a staggering 43 million French workers, raising concerns about identity theft and fraud. The attack is believed to have impacted around two-thirds of France’s population. The unclaimed cyberattack targeted two French employment agencies France Travail and Cap Emploi.

On March 13, 2024, French employment agency France Travail, previously called Pole Emploi, announced becoming the victim of a data breach that exposed the personal data of their registered users. This includes names, social security numbers, dates of birth, email, postal addresses, phone numbers, and user IDs.

France Travail named another company Cap Emploi, a government employment service supporting people with disabilities, as the victim of this breach. France Travail confirmed that login credentials, passwords, and bank details are not at risk.

On March 8, the agency notified the Commission Nationale de l’Informatique et des Libertés (CNIL), the national data protection agency, and filed a police complaint after which a formal investigation was launched.

Initial probing by the Paris Public Prosecutor’s Office and the Cybercrime Brigade of the Paris Judicial Police Department revealed that a malicious actor gained unauthorized access to Cap Emploi’s systems on February 6, impersonating a Cap Emploi civil service officer. France Travail began noticing suspicious activity within its IT systems between 6 February and 5 March 2024.

According to CNIL, a cyberattack on France Travail could have potentially exposed data of those currently registered on the job seekers list, those registered over the last 20 years, and those with a candidate space on the platform. The company will notify affected users individually.

Read: https://www.hackread.com/massive-data-breach-43-million-french-workers/

875 Workers Liberated by Filipino Police from Slavery After Falling for Promises of Lucrative Work

Filipino police rescued 875 “workers” – including 504 foreigners – in a raid late last week on a firm that posed as an online gaming company but in reality operated a forced labor camp that housed romance scam operators. A video of the raid on the Tarlac Pogo firm posted last Thursday shows the nation’s Criminal Investigation and Detection Group (CIDG) entering what appears to be an office housing rows of workers in front of computers.

The rescued “workers” hailed from Vietnam, China, the Philippines, Rwanda, Taiwan, Indonesia, and Kyrgyzstan. The victims were allegedly lured into slavery on the promise of a job offer. Instead, they allegedly had their passports confiscated and were forced to adopt fake identities and pretend to be suitors of their victims to extract money.

The schemes that lured the workers involved promises of cryptocurrency wins, investments in businesses, and more. Those who failed to meet quotas were physically harmed, deprived of sleep or locked in their rooms, executive director of Presidential Anti-Organized Crime Commission (PAOCC), Gilberto Cruz, told local media.

Officials were reportedly tipped off by a Vietnamese worker who arrived at the center in January. He arrived after being promised a job as a chef. Police said he bore signs of torture in the form of electrocution marks.

During the raid, the authorities seized live ammunition and guns from the ten-hectare compound, located approximately 60 miles north of Manila. Also found were cellphones, sim cards and scripts. Thirty-four vehicles within the compound had mismatched serial numbers and license plates, according to Cruz.

Since the raid, nine people have been charged in connection with the scam center. Only one of the individuals was Filipino, according to local media. Five were Chinese, two Vietnamese and one Malaysian. The individuals face anti-trafficking violations, among others, following an inquest.

Read: https://www.theregister.com/2024/03/18/phillipines_cyberslavery_gang_busted/

After Cyberattack, Malawi Passport System Bounces Back Online

Malawi’s passport issuance system has regained its online functionality after enduring a suspected ransomware attack for several weeks. The restoration process took approximately three weeks following the cyberattack on the computer network of the country’s immigration service.

At the time of the cyberattack, President Lazarus Chakwera made it clear that the hackers had demanded a ransom, but the Malawi government stood firm in their decision not to comply, indicating that the compromised system was indeed a victim of a ransomware attack. Following the incident, President Chakwera called for a comprehensive investigation into the attack, which was reportedly carried out by cyber mercenaries, emphasizing the need to hold those responsible accountable for their actions.

President Chakwera called for swift action from law enforcement agencies to launch an investigation into the attack on the e-passport issuance system at the department of immigration and citizenship services. He emphasized that those found guilty should face legal consequences for their actions. The department of immigration expressed appreciation to the people of Malawi for their patience and acknowledged that a team of local experts successfully restored the system.

Read: https://www.darkreading.com/cyberattacks-data-breaches/malawi-passport-system-back-online-after-cyberattack

IMF Email Accounts Compromised in Major Security Breach

The International Monetary Fund (IMF) has recently uncovered a cybersecurity incident involving the hacking of approximately twelve email accounts. In a statement released last week, the renowned financial institution, affiliated with the United Nations, disclosed that the security breach was identified on February 16, 2024. Through collaboration with external cybersecurity experts, it was determined that a total of eleven IMF email accounts had been compromised. Immediate measures were taken to restore the security of the affected accounts.

The IMF emphasizes its strong commitment to proactive prevention and robust defense against cyber incidents, acknowledging the unfortunate reality that such events can occur. Operating under this assumption, the organization maintains a comprehensive and resilient cybersecurity program aimed at swift and effective response to any incidents that may arise. As for the recent breach involving the compromise of nearly a dozen IMF email accounts.

According to Reuters, the IMF confirmed that the compromised account list did not include those of Managing Director Kristalina Georgieva or other high-ranking officials, stressing that senior leadership was not specifically targeted. This incident appears to be the first cybersecurity breach publicly acknowledged by the IMF since 2011, when the organization faced a cyberattack that allegedly resulted in significant data loss, including documents and emails.

Read: https://www.securityweek.com/imf-emails-hacked/

Critics Accuse Canadian Government of Gaslighting Regarding Its Online Censorship Bill

Regarding Canada’s latest controversial legislative initiative, the Online Harms Act (Bill C-63), the government finds itself on the defensive. Opponents of the bill claim it aims to regulate what they call “thoughtcrime” and includes extreme measures, such as life imprisonment for ambiguous “(hate) speech offenses.” Furthermore, a cabinet minister supporting the bill has dismissed critical articles as nothing more than “clickbait.”

In light of the government’s history of internet-regulating initiatives, including the highly debated bills C-11 and C-18, observers are noting a familiar trend in the case of C-63. The draft bill, which was publicly introduced a few weeks ago, has already garnered vocal criticism from prominent figures. This may be one of the reasons why Justice Minister Arif Virani advised readers to disregard clickbait and seek a deeper understanding of the bill’s alleged true nature, as conveyed in his response post on X.

Margaret Atwood raised concerns about the proposed legislation, stating that if the article’s interpretation of the bill was accurate, it could lead to worrisome scenarios of revenge-based false accusations and the enforcement of “thoughtcrime.” In response, Justice Minister Arif Virani clarified that the bill does not categorize “awful but lawful” content as hate speech, focusing instead on expressions of detestation and vilification rather than mere insults or impolite jokes, as he explained to the Canadian press. However, the Canadian Civil Liberties Association expressed apprehension, warning that the bill’s broad criminal prohibitions on speech could stifle public discourse.

Read: https://reclaimthenet.org/canadian-government-accused-of-gaslighting-critics-of-its-online-censorship-bill

 
Elsewhere Online:

Windows Infiltrated: The Rise of DEEP#GOSU Malware and North Korea’s Cyber Espionage
Read: https://thehackernews.com/2024/03/new-deepgosu-malware-campaign-targets.html

Unmasking Azorult: Google Sites Used as Cover for Advanced Evasive Tactics
Read: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites?web_view=true

Legal Action Against Flo Health: Canadian Users Seek Redress for Privacy Violations
Read: https://www.cbc.ca/news/canada/british-columbia/flo-health-privacy-class-action-1.7137600

Fujitsu’s Cyber Crisis Unveiled: Malware Exposes Customer Data, Experts Grimes and Williams Raise Concerns
Read: https://www.darkreading.com/cyberattacks-data-breaches/fujitsu-malware-on-company-computers-exposed-customer-data

Decoding the Moldovan E-Root Marketplace and its influence on US Cybersecurity
Read: https://www.infosecurity-magazine.com/news/moldovan-e-root-marketplace-us/

Exposing the MediaWorks New Zealand Data Breach: Unraveling Extortion Tactics and Cybersecurity Vulnerabilities
Read: https://therecord.media/mediaworks-new-zealand-data-breach-extortion?&web_view=true

Previously on #AxisOfEasy