Cybersecurity Breach Exposes Personal Data of 280,000 in France
Chronopost and Caisse des Dépôts report significant data breaches affecting hundreds of thousands of clients and pension affiliates.
Recent cybersecurity incidents in France have led to unauthorized access to the personal data of approximately 280,000 individuals.
Specifically, 210,000 clients of Chronopost, a subsidiary of the La Poste group, and 70,000 individuals affiliated with the Caisse des Dépôts (CDC), a public financial institution managing retirement funds, have been impacted.
Chronopost revealed that it fell victim to a cyberattack in late January 2025, which allowed the assailant to access sensitive information including names, addresses, and signatures from delivery proof documents.
In some cases, the attacker also viewed clients' phone numbers.
Simultaneously, the CDC confirmed an illegal breach where the attacker gained access to personal data of individuals enrolled in the Ircantec, a supplementary pension fund for public agents.
The specific details of the accessed personal data have not been disclosed by the CDC.
Local officials were also targeted in this breach.
The assailant obtained login credentials from several public employers, affecting approximately 70,000 individuals, including about 1,000 local elected officials who have been notified of the incident.
In response to the breaches, the CDC has conducted checks to ensure there have been no irregular activities in the personal spaces of the affected affiliates.
Both Chronopost and the CDC have notified the Commission nationale de l'informatique et des libertés (CNIL), the French data protection authority, in accordance with legal regulations.
Authorities have noted that once attackers gain access to such data, they may attempt to sell it, placing victims at risk of social engineering fraud through techniques such as phishing via SMS or email, relying on the information obtained from the breaches.
Specifically, 210,000 clients of Chronopost, a subsidiary of the La Poste group, and 70,000 individuals affiliated with the Caisse des Dépôts (CDC), a public financial institution managing retirement funds, have been impacted.
Chronopost revealed that it fell victim to a cyberattack in late January 2025, which allowed the assailant to access sensitive information including names, addresses, and signatures from delivery proof documents.
In some cases, the attacker also viewed clients' phone numbers.
Simultaneously, the CDC confirmed an illegal breach where the attacker gained access to personal data of individuals enrolled in the Ircantec, a supplementary pension fund for public agents.
The specific details of the accessed personal data have not been disclosed by the CDC.
Local officials were also targeted in this breach.
The assailant obtained login credentials from several public employers, affecting approximately 70,000 individuals, including about 1,000 local elected officials who have been notified of the incident.
In response to the breaches, the CDC has conducted checks to ensure there have been no irregular activities in the personal spaces of the affected affiliates.
Both Chronopost and the CDC have notified the Commission nationale de l'informatique et des libertés (CNIL), the French data protection authority, in accordance with legal regulations.
Authorities have noted that once attackers gain access to such data, they may attempt to sell it, placing victims at risk of social engineering fraud through techniques such as phishing via SMS or email, relying on the information obtained from the breaches.
