A group of hackers, called LulzSec, announced on February 12 on X (formerly Twitter) that they had hacked 600,000 accounts belonging to beneficiaries of the Family Allowance Fund (Caf). The hackers published a screenshot of the beneficiary spaces of four people, with postal and telephone contact details, professional and marital situations, and the amount of the latest payments. A second screenshot lists accounts and allocation amounts.
Ongoing investigations
Advertisement
Caf does not confirm the compromise of 600,000 accounts of its beneficiaries. It is based on the hackers' screenshot, indicating that the four accounts concerned “were identified” and “data breach is proven”. The organization adds: “Access to these four accounts was done without forcing the site's system, by providing passwords probably obtained elsewhere by the authors. This confirms that the caf.fr site has not experienced a security breach.”
No additional information was given by the hackers on the nature and extent of the data stolen, nor on its intentions. The Caf specifies, however, that concerning the four accounts, “the hackers were able to access their contact details and the last amount of benefits paid. But no access to bank details (RIB) is possible.” During the night of the cyberattack, the Caf site was under maintenance, before access was restored. A closure of the site confirmed by the organization, as a precaution.
Concerning other accounts, Caf claims that data breaches “are not attested” and that investigations are underway. She filed a complaint, and notification was made to the National Commission for Information Technology and Liberties (Cnil). Without precise information on the hackers' modus operandi, Caf recommends changing the password.
A publicized hacker group
Advertisement
This cyberattack comes a few days after two significant data breaches in the third-party payment system. One of the third-party payment providers, Viamedis, was targeted, followed closely by another provider, Almerys, with a total of 33 million social security beneficiaries.
Considered by some to be hacktivists on the same level as Anonymous, LulzSec hackers act mainly to gain media attention. They became known in 2011 when Sony Pictures was hacked, which allowed them to compromise more than a million accounts.
Selected for you