Personal data of 8,700 French visa applicants exposed in cyberattack

French authorities said the attack was ‘quickly neutralised’ and that its impact would be ‘limited’.

A cyberattack has compromised the data of more than 8,000 people applying for visas in France. The French interior ministry confirmed that France’s visa platform was targeted by hackers on 10 August.

According to a report from French news site The Local, the ministry said the attack had been “quickly neutralised” and a criminal investigation was launched.

Personal details including passport numbers, birth dates and addresses of 8,700 people were exposed and some details may have been stolen. A spokesperson for the interior minister said that although the data could be misused, its effect would be “limited” as it does not include financial or sensitive data under GDPR.

“Nor does it allow administrative procedures to be initiated on behalf of the person whose data has been disclosed, whether on the France visas portal or on any other French institutional site,” the spokesperson added.

Ronnen Brunner, vice-president of EMEA at cybersecurity company ExtraHop, said that public sector organisations have a responsibility to citizens to adhere to GDPR guidelines.

“The public sector’s responsibility for personal data is a vital part of the public services to continue to build credibility and trust for its citizens, and improve the level of service whilst the security is maintained,” he commented.

“Public sector organisations should adopt privacy standards and controls as regulated markets do, such as banks and healthcare. GDPR was created by the EU to manage exactly these types of concerns and incidents of data leakage, but it’s not enough for public administration to write data privacy legislation, it’s also crucial they meet these requirements themselves.”

According to a report from earlier this year from French broadcaster RFI, cyberattacks in France have increased fourfold over the past year.

French president Emmanuel Macron pledged a €1.6bn investment in cybersecurity defence in February following an attack that left several hospitals severely compromised, while the country’s armed forces ministry said it would strengthen its cyberdefence chain from end to end.

Those affected by the latest data breach should have received a message from the French visa site informing them of the problem and advising them on security measures to take. The Connexion reported that the visa website receives up to 1.5m applications every month, but not all of the applicants’ data will have been leaked in the attack.