Gigantic blunder on the part of the CAF de Gironde, which will have disclosed all the personal data of more than 10,000 beneficiaries to one of its Parisian service providers, who will have, by mistake, put them online for almost 18 months on its website. Identity theft is obviously the biggest risk for the recipients concerned.
If you are recipient of the Family Allowance Fund (CAF), you are potentially affected by a data leak that has just occurred. The information comes from the investigation cell of Radio France which indicates that the CAF of Gironde has communicated confidential information of more than 10,000 beneficiaries to one of its service providers responsible for training its agents “. The provider, who mistakenly believed that this data was ” fictitious “, will then have published them online.
CAF: more than 10,000 users affected by the publication of their data online
The data published online concern the date of birth of the recipients, their address, the amount of benefits they receive from the Family Allowance Fund and even their income. All this data remained available online for nearly two years, downloadable by anyone.
The leak comes from the Gironde family allowance fund. The organization, which uses a service provider based in Paris to train its agents to learn a programming language intended for statistics (R language), has communicated to his client a file containing the personal data of 10,204 recipients. Precise address, date of birth, household composition and income, amounts and types of benefits received (RSA, APL, disabled adult allowance), a lot of data was exchanged.
Read: Twitter: millions of user email addresses stolen in data breach
The catch is that the provider (remained anonymous) will have uploaded this data in March 2021, thinking they were fictitious. In total, the data will remain online for 18 months, in full view, accessible by a simple download of a file named “CAF.zip”.
” This is sensitive personal data. I don’t think CAF had the legal right to export this data », says the jurist Bastien Le Querrec to the Squaring the Net. In this specific context, the penalties may be administrative (pronounced by the CNIL), civil or criminal, the greatest risk for the beneficiaries concerned being identity theft. CAF has opened an internal investigation.
