What Happened
In early 2025, the French job‑placement platform nordemploi.fr (Nord Emploi), which connects RSA welfare recipients in the Nord department with employers, suffered a cyberattack in which attackers accessed the internal file of accompanied RSA beneficiaries and extracted extensive personal, social, and professional data on registered users. Exposed fields reportedly included civil status and identity data (name, maiden name, date of birth, sex, postal address, phone number, welfare/CAF identifiers, and the name of the user’s Pôle Emploi adviser), detailed information on personal situation and follow‑up (RSA status and opening date, Pôle Emploi registration history, employment situation, accompaniment modality, literacy status, childcare solutions, use of IT tools, number of applications and offers, and discussion histories), as well as professional profile data (employer/structure names and SIRET numbers, work history, associative experience, training, targeted jobs, skills, certifications, interests, languages, and driving licences), plus various account status fields. The exact number of affected records was not publicly stated, but authorities and commentators warned that the richness and sensitivity of the compromised dataset make it likely that these data could be illegally disclosed and reused by third parties for misuse such as fraud or profiling.
