France’s national statistics agency has confirmed an Insee cyberattack that exposed personal information belonging to thousands of current and former employees. According to the agency, attackers accessed its internal staff directory and obtained professional contact details for approximately 12,800 people.

Officials stressed that the incident did not expose passwords, banking information, social security numbers, medical records, or home addresses.

Insee Confirms Staff Directory Breach

The Insee cyberattack targeted the agency’s internal personnel directory, which employees use to search for colleagues and administrative information.

According to Insee, the compromised records contain employee names and work-related contact details. The agency said the breach did not affect highly sensitive personal information.

The exposed database reportedly contains 12,796 staff records, including information on current and former employees as well as members of related civil service organizations.

Stolen Database Appears on Cybercrime Forum

French cybersecurity news outlet Cyberattaque reported that a threat actor using the alias “Saturne” published the database on a cybercriminal forum.

The leaked data allegedly originated from trombi.insee.fr, Insee’s internal staff directory. The platform allows employees to search for colleagues, view work assignments, and access professional contact information.

Authorities have not confirmed how attackers gained access to the directory or how long the data remained exposed.

Sensitive Personal Data Was Not Exposed

Insee emphasized that the attackers did not obtain the most sensitive categories of personal information.

According to the agency, the breach did not include passwords, personal addresses, banking details, social security numbers, or medical information. At this stage, investigators believe the stolen data is limited to identities and professional contact details.

France Continues to Face Government Cyber Incidents

The Insee cyberattack adds to a growing list of security incidents affecting French public institutions.

Earlier this year, attackers breached Tchap, the French government’s secure messaging platform. That incident exposed data belonging to more than 73,000 users after attackers published the information online.

In April, French authorities also confirmed a separate breach involving a government database used to manage identity documents. That incident exposed approximately 19 million records containing passport, national identity card, and driver’s license information.

The latest breach highlights the continued pressure facing government organizations as cybercriminals increasingly target public sector systems and employee data.


0 responses to “Insee Cyberattack Exposes Staff Data of Nearly 13,000 Employees”