New cyber attack. A hack targeted, on August 10, un France-Visas platform module, which allows foreigners to apply for a visa to stay in France, the Interior Ministry announced on Friday, September 3, in a press release. The Ministry of Europe and Foreign Affairs and the Ministry of the Interior are jointly responsible for this site. Franceinfo recaps what we know about this attack.
Nearly 8,700 visa applicants affected
Among the personal data stolen are names, first names, passport or identity card numbers, dates of birth, the nationalities of the holders of these documents and email addresses. All this information is recorded when entering a visa application, explains the press release from the Ministry of the Interior.
At least 8,700 people are affected by this cyberattack, warns the ministry, adding that some have only had part of their data stolen. Messages have been sent to them “with recommendations for vigilance and precautions to be taken”.
An attack “quickly under control”
The computer attack may have been “quickly mastered”, assures the ministry, which explains to have taken measures jointly with the ministry for Europe and Foreign Affairs “to secure the platform” and avoid that “events of this type are happening again”.
According to the ministry, “this data could give rise to diverted uses, but limited in their effect, in particular because the information does not include financial or sensitive data within the meaning of the General Data Protection Regulation (GDPR)”.
They do not allow either “to initiate administrative procedures on behalf of the person (…) whether on the France-Visas portal or on any other French institutional site “.
An investigation by the Cnil in progress
The government said it had lodged a complaint and an investigation is underway. The National Commission for Informatics and Freedoms (Cnil) was also seized.
The site receives more than 1.5 million visa applications on average per month, according to the Cnil. “When there is a personal data breach, the service concerned must notify the CNIL promptly, according to the general data protection regulation. Upon receipt, the CNIL examines the notification, as is the case for this cyberattack “, explains a spokesperson for the CNIL to franceinfo.