Some 7,400 people were able to open the documents containing sensitive information, before they were deleted by the organization.
By Nathan Joubioux for Le Point
Published on
VSn the weekend, many Internet users complained of having had access, on their Urssaf account, to payment schedules for 2022 contributions and to calls for 2023 contributions from other contributors. Confirmed, this Tuesday, May 2, by the dues and contributions collection body in the world, the “computer error” affected about 29,000 people. Some 7,400 were able to consult the documents.
They were thus able to access the names of the contributors, their address, their Urssaf account number, their IBAN number and their declared income for the year 2022, explains Online accounting. A leak that does not concern autoentrepreneurs, according to the first findings of Urssaf.
An open internal investigation
“The information of self-employed workers who filed their tax return before April 27 was posted on the online account of 7,400 self-employed workers”, explained, daily, the organization, which highlighted a “computer incident “. Each year, Urssaf sends updated schedules, with their recalculated social contributions, once the workers have completed their declaration for the previous year.
If the weekend operation concerned some 49,000 people, all the regional funds were not affected by the leak. In Champagne-Ardenne, a contributor received the regularization of “eighteen other people”.
��Hello, big bug of the urssaf champage-ardennes this May 1st which sent me the regularization of my contributions but also that of 18 other people.
I wonder at this moment how many people will receive the details of my income and my contributions?��— Patrick Botat (@PBotat) May 1, 2023
In Brittany, others were able to download that of “about twenty independents from the region”. Some even received “301 pages of Urssaf timetables which [les] not concern”.
I have just received 301 pages of Urssaf schedules which do not concern me… with complete identities, addresses, income…
— Master Hess (@MIAJOASG) May 1, 2023
Tell me @Urssaf_Brittany is it normal for me to be able to download, on my space, in the messaging section, the regularization of contributions for around twenty self-employed people in the region (79 p)?
I conclude that other freelancers also have access to my data?…— 360 Finance (@360finance_fr) May 1, 2023
An internal investigation is still underway to determine the exact causes of the leaks. Urssaf has deleted the information stored in personal spaces. About 22,000 wrong file recipients did not have time to open the documents. A message will be sent shortly to those affected by these distribution errors.
As the law indicates, Urssaf reported the problem to the National Commission for Computing and Liberties (Cnil). The “persons whose information has been potentially consulted” are invited to “be vigilant about possible suspicious banking movements”. The organization, which apologized to the users concerned, also invited them to contact it at 3698 for any further information.