A cyber-attack has compromised the data of around 8700 people applying for French visas via the France-Visas website.
The French Ministry of Foreign Affairs and the Ministry of the Interior announced on Friday (August 3) that the cyber-attack targeted a section of the site, which receives around 1.5 million applications per month.
In a statement, the ministries claimed that the attack had “been quickly neutralized,” but personal details — including names, passport and identity card numbers, nationalities and dates of birth — had been leaked.
No ‘sensitive’ data (as defined by the GDPR) was compromised, said the government ministries.
In response to this news, Ronnen Brunner, VP of EMEA at ExtraHop, said: “The recent cyber-attack in France, which has compromised the data of around 8700 people applying for visas to live and work in France, has resulted in personal details being leaked, including passport numbers and addresses. The public sector’s responsibility for personal data is a vital part of the public services to continue to build credibility and trust for its citizens and improve the level of service while the security is maintained.
“This is exactly the reason we see organizations like the Met Police in the UK emphasize network visibility in their cybersecurity strategy.”
He added: “Public sector organizations should adopt privacy standards and controls as regulated markets do, such as banks and healthcare. The EU created GDPR to manage exactly these types of concerns and data leakage incidents, but it’s not enough for public administration to write data privacy legislation. It’s also crucial they meet these requirements themselves.”