The personal information of 10,204 social security beneficiaries in France was exposed for over 17 months after a misstep by the French social security agency (CAF).
According to an investigation by local radio network France Info, the data snafu occurred after the CAF agency in Gironde in southwestern France shared a file containing confidential information of over 10,000 beneficiaries with the service provider training its statisticians.
Although the file was missing the names and postal codes of recipients, an analysis by France Info reporters revealed that there was enough PII to identify individuals.
The data includes home addresses (number and street name), dates of birth, number of household members, income, and the amount and type of benefits received.
Moreover, this data ended up on the internet and, in some instances, consists of no fewer than 181 pieces of data per social security recipient, including sensitive information on children and mentions of joint custody.
The service provider claims that the zip file it was sent, containing CAF beneficiary information, was made public on the training platform in March 2021 in the belief that the information it had received was “fictitious”.
The service provider also confirmed that it neglected to remove the file containing real information until last week. This means that the PII of beneficiaries has been up for grabs on the website with no proper encryption or password for a very long time.
In response to inquiries from local news outlets, CAF said the files should never have been published online by its provider, as the information was supposedly intended for a “very limited and strictly internal” training.
With Bitdefender’s Digital Identity Protection (DIP) service, you can discover and curate the extent of your digital identity so you can make more privacy-focused decisions to keep you, your identity and your reputation safe.
DIP combs the web for your old accounts using only your email address and phone number, allowing you to analyze and manage your digital self, reducing the amount of data that can put your livelihood at risk.
You can find and delete old accounts and, best of all, immediately respond to data leaks with 24/7 data breach monitoring. All revealed data entries or risks to your identity come with easy 1-click action items that enable you to secure your accounts and data.