The National Family Allowance Fund (Cnaf), which oversees the CAF in the French departments, announced this Friday, February 23 that a group of “hackers” claimed a week earlier to have accessed the accounts of CAF beneficiaries. Here is Cnaf’s advice to its beneficiaries.
“A data breach has been proven, several thousand recipient accounts were visited illegitimately,” announced Cnaf in this press release released Friday February 23 early in the afternoon. “Malicious people connected to beneficiary accounts with their real passwords, stolen and “made available” on the “darkweb”.” Vigilance, therefore, in the event of a call referring to your data known by your CAF.
With one exception: “Each beneficiary whose account is certified to have been visited is contacted and their password reset in order to block any access to their account by an unauthorized person,” specifies the Cnaf. So be sure to make sure that you are online with someone from your CAF.
“Each beneficiary whose account is certified to have been visited is contacted and his password reset in order to block any access to his account by an unauthorized person”
The bank details have not been stolen!
The Cnaf, however, wants to be reassuring by specifying that, if personal accounts were indeed “visited”, the CAF.fr site was not hacked: “no security breach” was noted. In short: the stolen information is limited to passwords, account numbers and other information easily accessible in personal spaces.
Another important clarification: “Malicious people cannot access bank details (RIB), but could try to modify it. However, changing online banking details is subject to security checks to verify that the change is legitimate. In case of doubt, the process is validated by a benefit advisor before the change is effective. »
Cnaf filed a complaint with the CNIL and, as of last week, “the level of password security for new accounts was reinforced”. Yesterday, Thursday February 22, the CAF launched a password change campaign.
CAF password: what changes on March 8
“As of March 8, changing your password will become mandatory for all beneficiaries who have not yet done so, as soon as they log in to their account. Beneficiaries will be supported by tutorials,” specifies Cnaf in its press release on this stolen password alert.
CAF advice for a good password
- a different password for each site;
- complex: more than 10 characters and at least one number, one lowercase and one uppercase;
- impossible to guess;
- modified regularly;
- communicated to no one, not even to Caf.