Massive Data Leak Exposes Over 1 Million French Employment Records Hackers operating under the aliases misere and ChimeraZ claim to have stolen more than 1 million sensitive records from France Travail’s employment-related applications, including HR, mobility, and workplace health systems. The breach, linked to platforms AKAOLIFE and FILDIRECT-RH, involves nearly 60GB of data across 39 databases and over 10,000 source files. The leaked data includes: - 966,816 HR files and 1,003,047 professional mobility records - 38,138 workplace health monitoring files and 3,747 disability-related documents - 26,684 accounts with plaintext passwords, alongside application code, security keys, and Windows login credentials Exposed details extend beyond basic contact information, revealing French social security numbers, employee IDs, job histories, internal mobility requests, and recruiter comments enough to craft highly convincing phishing scams. The breach also raises concerns about further system exploitation due to exposed configuration files. Both hackers have been active in recent incidents: ChimeraZ was linked to a breach at optical retailer Krys, while misere was tied to a leak of 650,000 messages from France’s Tchap secure messaging platform. The primary risk for affected workers is impersonation, with attackers potentially posing as HR, recruiters, or public service officials to extract sensitive documents or credentials. The inclusion of plaintext passwords compounds the threat, particularly for those who reuse passwords across services.

French Government Messaging Service Tchap Breached in Cyber Attack On June 7, France’s National Cybersecurity Agency (ANSSI) detected a breach in Tchap, the encrypted messaging platform used by the French public sector. The attack prompted an investigation by the Digital Affairs Directorate (DINUM), which oversees the app’s development and security. In a statement published on numerique.gov, officials confirmed that the compromised account had been identified and blocked. While the full extent of the data exposure remains under investigation, all Tchap users were reminded that public chatroom content is not encrypted. The breach’s origin has not been disclosed, but a threat actor claimed responsibility, alleging the theft of nearly 14GB of files including hardcoded LDAP credentials, internal documents, email addresses, meeting links, and organizational data. Launched in 2019, Tchap is a state-developed messaging service built on the Matrix protocol, offering end-to-end encryption for private conversations. The incident occurs as France accelerates efforts to reduce reliance on foreign software, transitioning government workstations from Windows to Linux and replacing Zoom and Microsoft Teams with a domestic alternative by 2025. The EU, meanwhile, is reportedly phasing out Google in favor of France’s Quaint as its default search engine.