Piracy has no age. Following the cyberattack against France Travail (formerly Pôle-Emploi) a few days ago, three twenty-somethings were arrested and placed in pre-trial detention.
It didn’t last long. While a massive data leak potentially affecting 43 million beneficiaries was detected at France Travail barely a week ago, the brigade fighting against cybercrime (BL2C) has already arrested three people she believes she is linked to this large-scale act of piracy.
An “organized gang” attack
The investigation unit, under the direction of the Paris Police Prefecture, identified the three suspects using “technical and telephone investigations“. A search of their homes and an analysis of the computer equipment then made it possible to confirm that they were indeed engaged in “a fraudulent activity using the technique of phishing“.
Suspected of having usurped the identity of Cap Emploi agents between February 6 and March 5, 2024, the three suspects were presented to an investigating judge on Tuesday March 19, indicted and placed in pre-trial detention for “fraudulent access and maintenance in an automated data processing system, extraction of this data, scams and money launderingt”. The prosecution also specifies that “each of these offenses being aggravated by the circumstance of organized gangs“.
The identity of those arrested was obviously not communicated, the prosecution simply indicating that two of the suspects were born in September 2000 and September 2002 in Ardèche and the third in November 2001 in Yonne. The BL2C also indicates that it does not stop its research here and is still investigating to find possible other actors in this hacking and “assess each person’s share of responsibility“.
A quick survey
Seized of this case on March 12, the cybercrime brigade carried out an express investigation and identified the three suspects in less than a week. The judicial police confirmed that the personal data concerned contained the surname, first name, date and place of birth, physical address, email address, telephone number, social security and France Travail identifiers. Passwords and banking data are not a priori concerned and the figure of 43 million beneficiaries has been confirmed by the public prosecutor’s office.
As a reminder, a CNIL investigation is underway to assess whether “the security measures implemented prior to the incident and in response to it were appropriate with regard to the obligations of the General Data Protection Regulation (GDPR).»
Source : Paris prosecutor’s office
3