The Universal National Service (SNU), this volunteer program which combines commitment to missions of general interest and cohesion stays, has just been the victim of a data leak of unknown origin. As revealed by Le Monde IT, volunteers received a message last Monday warning them of a theft of personal data.
In this email, the Universal National Service platform specifies that the stolen data relates to the identity (first and last name) as well as the contact details (postal address and email address) of the victims. “A complaint was immediately filed”, the recipients of this message are also informed – a report has finally been made to the CNIL, the guardian of personal data.
Most of the volunteers
According to the Ministry of National Education, questioned by Actu.fr, this data theft following a computer hack resulted in the theft of information relating to 62,500 youth accounts and 87,000 parent accounts, i.e. 149,500 people. Important figures, to compare with the numbers of volunteers passed through the SNU since 2019, 89,000, according to the recent report by MP Jean-Claude Raux.
This database relating to the SNU has been on sale since November 22 on a well-known black market on the web, for the modest sum of 50 dollars, reports Numerama. The Internet user behind this sale, however, claims to have a number of recordings different from that communicated by the ministry. He claims to have data on 75,718 volunteers for a total of 126,050 accounts, parents included.
Date of birth
If the administrative supervision of this platform specifies that the identifiers or passwords were not stolen, the data leak would nevertheless include for volunteers their date of birth. A sensitive point: many services – for example a mutual insurance company, or a bank – rely on the communication of this type of information to remotely confirm the identity of an interlocutor.
It is therefore very likely that personal data, if disseminated, will serve as support for scam campaigns, identity theft or even phishing attempts. It is particularly recommended to change your password as quickly as possible on the platform affected by the leak and to report all pages disclosing your personal information.