France’s statistics department hit by cyberattack on staff directory


The institution that counts France found itself counting victims this week. INSEE, the national statistics department, said a cyberattack had exposed personal data belonging to about 12,800 current and former staff, along with members of the civil-service corps attached to the agency.

The breach was detected on 19 June.

What was taken, according to INSEE, was the unglamorous kind of data: names, identity details, and professional contact information pulled from an internal staff directory. What was not taken matters more.

The agency said passwords, bank details, and social-security numbers were not part of the haul, and that an investigation had found no compromise of the data INSEE collects from businesses and private individuals.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

For a body that holds the demographic and economic record of an entire country, that last sentence is the one doing the heavy lifting.

The exposed records came from trombi.insee.fr, an internal directory that is closer to a staff photo board than a sensitive archive.

A user operating under the alias “Saturne” reportedly posted the database on a cybercriminal forum, which is how these incidents tend to surface now: not through an attacker’s ransom note but through a listing on a marketplace, offered to whoever wants it.

The breach is small in isolation. It is the context that makes it worth reporting. France has spent 2026 absorbing one government cyberattack after another.

Cybernews has counted dozens of incidents this year alone, and the roll call is long, including the Interior Ministry, the national agency for secure documents, and the government messaging platform Tchap.

The INSEE intrusion is the latest entry in a list nobody in Paris wants to keep adding to.

Whether that pattern reflects a coordinated campaign or simply a well-mapped set of soft targets is the question French officials have not fully answered.

Analysts quoted by Cybernews have described the state as stretched, citing chronic underinvestment in cybersecurity relative to comparable countries and social-engineering attacks aimed at front-line staff.

An internal phone directory is exactly the sort of low-value, low-defence asset that gets swept up when attackers are probing for any unlocked door.

The breaches arrive as Paris pushes hard on the idea of digital sovereignty, including an order for government ministries to migrate from Windows to Linux.

Controlling the software stack is one thing. Keeping a staff directory off a criminal forum is another, and the second turns out to be harder.

The mechanics are familiar to anyone who has watched the wider breach economy operate. Stolen directories rarely cause direct harm on their own.

They become raw material, the seed for phishing campaigns that impersonate colleagues and the connective tissue that links one leak to the next, much as scraped professional data has fed large-scale profiling efforts elsewhere.

A name and a work email are not much. Ten thousand of them, cross-referenced, are a campaign waiting to be built.

INSEE has not said who it believes was behind the intrusion, and on the early evidence the incident reads less like a targeted operation than an opportunistic grab.

A directory posted to a forum under a pseudonym is the signature of someone monetising access rather than wielding it, the data dumped for sale rather than held for ransom.

That distinction matters for what comes next. Ransomware operators negotiate; forum sellers simply move on, and the affected staff are left to watch for the phishing attempts that tend to follow a leaked address by weeks rather than days.

INSEE says the public statistics are safe, and on the evidence so far there is no reason to doubt it.

The agency’s harder problem is the same one facing its peers across the French state: the data that leaks is no longer always the data that matters most, and the volume of leaks is starting to look like the story.



Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews


After months of rumors and two keynote events in May 2026, Google has finally released Android 17, the stable version. It’s rolling out to eligible Pixel devices today, including models in the Pixel 6 lineup, all the way to the latest Pixel 10 series.

The stable build contains plenty of features showcased at The Android Show and Google I/O, but if you were hoping to get your hands on Gemini Intelligence, that will ship later this summer to “select advanced devices.” With that out of the way, here’s what Android 17 offers at launch.

So what’s actually new in Android 17?

The most immediately useful addition is Bubbles, a feature that lets you access a select number of apps in the form of a floating window over another app or a circular app icon on the screen when minimized. 

You can access the feature by long-pressing an app icon and selecting the Bubble option. It’s best suited for your two or three-app workflows, letting you access them one after the other with a single tap on the screen. On foldables and tablets, bubbles dock into a dedicated bar at the bottom of the display. 

Android 17 also gets Screen Reactions, a feature that lets you record your phone’s screen along with your face (via the front-facing camera) simultaneously. It’s primarily for content creators, who can now make reaction videos without opening an editing app. 

What about gaming, security, and everything else?

On the gaming side, foldables get a new 50/50 layout with the game view up top and a dynamic gamepad below. Google has also made memory cleanup more efficient, so that gamers don’t experience frame drops and stutters while playing demanding video games. 

Security gets a meaningful upgrade with features like temporary location permissions and contact-level sharing controls (vs. sharing the entire address book). The Mark as Lost feature in the Find Hub now locks your phone via biometrics so nobody can unlock and reset it with the passcode.

Google also caps PIN guessing, with longer wait times between failed attempts. Rounding out the Android 17 update are hidden app names on the home screen, a dedicated volume slider for your AI assistant (Gemini on Pixel phones), Parental Controls expanding to all Android devices, and app memory limits for preserving system resources.  

Today is the day 👀

— Android Developers (@AndroidDev) June 16, 2026

While Pixel phones are the first to get the update, expect other OEMs to announce their Android 17-based updates in the coming weeks. Samsung, for instance, is expected to roll out One UI 9 at the second Galaxy Unpacked event of the year, rumored to take place on July 22, 2026. Other brands like OnePlus should follow soon.



Source link