Cyberattack: the CGT takes a swipe at France Travail and exposes its laxity in IT security


Alexandre Boero

Clubic news manager

April 9, 2024 at 8:03 a.m.

Photo from the France Travail website © Alexandre Boero / Clubic

The trade unionists of the CGT DSI of France Travail, formerly Pôle emploi, are taking the institution's management to task. After the cyberattack revealed on March 13, they deplore the lack of consideration given to computer security.

Play with the fire of cybersecurity for too long, and you end up at the public stake. This is what is happening to France Travail, formerly Pôle emploi, which several weeks ago, along with Cap Emploi, was the victim of a computer attack following the exploitation of a security flaw in the information system. In an email dated March 28, 2024, the CGT DSI accuses the management of France Travail of being “the only one responsible”, castigating it for numerous failings and for its laxity in matters of cybersecurity, which according to the union could have been corrected earlier.

For the CGT, the management of France Travail is trying to minimize its responsibility in the cyberattack

The CGT DSI (the General Confederation of Labor union of the Information Systems Department) first criticizes France Travail for its lack of transparency regarding the classification of the attack. The public establishment speaks of identity theft, while the union speaks of the exploitation of a security vulnerability in the information system. “You do not lack panache to minimize your responsibility and that of the IT department management. It is indeed a cyber attack which exploited a security flaw in our information system”, it explains. The tone is set.

More precisely, the union points out that targeting an employee via social networks, combined with profiling, makes it possible to identify flaws, technical ones for example, that can be used to attack a system. “This is what happened, and we did suffer a cyberattack”, it insists. The attack also exposed the personal data of 43 million subscribers over the last twenty years.

The representatives of the CGT DSI speak of an “assumed choice” by the information systems department, which allegedly did not follow the security recommendations on opening the IS to France Travail partners such as Cap Emploi, which was also affected by the cyberattack. The trade unionists explain that they have repeatedly warned about the insufficiencies of the information systems.

A report recommended the implementation of two-factor authentication… which never happened

Remember that the attack was most likely carried out by impersonating Cap Emploi advisors. The Cap emploi service, which is aimed at people recognized as disabled who need specialized support, moved closer to France Travail some time ago. From the end of 2022, during a project to connect Cap emploi to Pôle emploi as a partner, a risk analysis was carried out.

That analysis specifically identified the possibility of a hacker impersonating a Cap emploi agent and accessing Pôle emploi IS data via the virtual machine, and gave it a maximum-level alert rating. The report therefore recommended the implementation of two-factor authentication, as recommended by ANSSI.

“But it was never implemented”, deplores the CGT, which adds that “it took an attack on an unprecedented scale to put it in place for Cap Emploi employees, in just one or two weeks!”. Among the other criticisms made of France Travail and already highlighted in this same report, the CGT DSI mentions the principle of least privilege. Cap emploi employees had unrestricted access authorizations, contrary to what was recommended.

The CGT calls for the urgent application of several security measures

France Travail has had numerous incidents in recent years. A temporary-employment company partnered with Pôle emploi was the victim of a data leak, which led to changes to the bank details (RIB) of citizens receiving compensation, with a loss of several hundred thousand euros. There was also an extraction of job seeker data initiated by an employee, information which ended up on the dark web. Not to mention the attack on Majorel, a Pôle emploi service provider, as recently as July 2023, with disclosure of data and Social Security numbers.

Each time, management was alerted by the union, management “mainly responsible for this situation, due to not having implemented all the recommendations concerning security”.

Today, the unionists are demanding multi-factor authentication for all employees and partners who connect to the France Travail IS. They also demand a review of the policy for assigning security employees to service provision, as well as the strict application of the principle of least privilege. Finally, the CGT is calling for a tightening of the policy of opening access for external employees, currently in 24/7 mode, which in the event of an incident wastes precious time for the teams.
