The personal data of visa applicants hoping to visit or emigrate to France has been exposed in a cyber-attack targeting the French government’s ‘France-Visas’ website.
France’s Ministry of Foreign Affairs and Ministry of the Interior, which jointly manage the site, said the attack took place on August 10 and was “quickly neutralized”, according to a Google translation of a French-language government press release published on Friday (September 3).
The compromised data comprises details entered during visa applications, including email addresses, first and last names, dates of birth, nationalities, and passport numbers or identity card numbers.
No financial or ‘sensitive’ data (as defined by the GDPR) was compromised, said the government ministries.
The press release did not disclose how many individuals are impacted or a range of dates within which visa applications were compromised.
The statement intimates that the stolen data would not be sufficient for the attackers to access government services under the guise of victims.
The Daily Swig has asked the French government for further details, and we will update this story if and when they do so.
Incident response
The French government ministries said they immediately implemented measures to secure france-visas.gouv.fr and prevent further attacks.
Affected individuals have been notified of the data breach and been given recommendations for protecting their personal data and online identities, said the statement.
The French data protection regulator – the Commission nationale de l’informatique et des libertés (CNIL) – has been notified and a judicial investigation is underway, reads the press release.
The number of visas issued by the French government fell by nearly 80% between 2019, when 3.5 million visas were granted, and 2020, as the Covid-19 pandemic decimated international travel, SchengenVisaInfo.com has previously reported.
Source: https://portswigger.net/daily-swig/french-government-visa-website-hit-by-cyber-attack-that-exposed-applicants-personal-data