Personal data of people who applied for France Visa gets leaked. French government confirms the incident

In a joint statement, the French Ministry of Foreign Affairs and Ministry of the Interior confirmed the detection of a cybersecurity incident that resulted in the exposure of data belonging to almost 8,700 people who applied for work and tourism visas through the France-Visas website. Government entities note that this attack was launched directly against a feature of the site that receives nearly 1.5 million monthly requests.

The French government says the incident was “immediately neutralized,” though threat actors had plenty of time to extract hundreds of confidential records, including names, passport numbers and dates of birth, among other data.

On the other hand, a representative of the Ministry of Foreign Affairs points out that at the moment it is not possible to share with the press and cybersecurity community more details about the incident, which includes information such as the nationality of the affected users. It is important to clarify that the information leaked varies according to the affected users, although these details mainly refer to names and contact information.

On the security risks derived from this cyberattack, the statement notes that the information could be used for malicious purposes, although this potential misuse is limited because the leak does not include sensitive financial details as established in the General Data Protection Regulation (GDPR).

For the affected government offices, it is important to note that no malicious actor could create new applications or administrative processes on behalf of the users affected by this leak, whether they are Visa applications or any other French government procedure.

The French authorities have begun to contact the affected users in order to take the corresponding security measures, in addition to claiming to be working together to prevent a similar incident from happening in the future.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.