CAF Data Leak: Hacker Shares Social Security Numbers and Passwords of Over 60,000 French Citizens Online

A threat actor has allegedly leaked the login information (Social Security Numbers and passwords) of over 60,369 Caisse des Allocations Familiales (CAF) account holders online.

According to the latest data snafu, discovered by security researcher Damien Bancal, a threat actor leaked the information on a well-known hacking forum, specifying that he is not certain if all of the login combos work.

The researcher also noted that some of the information he found in the leaked text file contained hashed data, while others were in clear text, ready for use by malicious actors.

Not the first data breach to impact the CAF

In early 2024, the Caisse des Allocations Familiales (CAF), a key institution in France's social security system, suffered a serious data breach that exposed the personally identifiable information of up to 600,000 French citizens. The leaked data from the breach, carried out by the notorious hacker group LulzSec, contained personal details such as names, addresses, phone numbers, email addresses, and information related to family allowances and benefits.

What are the dangers of this most recent CAF data leak?

While CAF has yet to confirm the data was leak or any security incident impacted its network, hackers armed with the CAF passwords and Social Security Numbers can fraudulently access user accounts to conduct identity crimes – including modifying information to divert benefits of account holders.

In addition to accessing CAF accounts, attackers can attempt to access other government-owned platforms that use the SSN and password combo or leverage the information to orchestrate targeted phishing attacks.

What should users do?

• Reset passwords for their CAF account on any other platform where you have used the SSN and same/similar password combo
• Use a password manager to generate secure, complex and unique passwords for your accounts, hassle-free. Bitdefender’s multi-platform password manager offers multiple benefits, including automatic password leak alerts to immediately notify you if your passwords and emails are exposed online.
• Watch out for scams and phishing. Use scam detection services such as Scamio to stay on top of fraudulent and scam correspondence you may be targeted with.

Scamio, our free-to-use AI-powered scam detector that can pick up on fraud attempts from  texts, messages, emails, images and QR codes. Additionally, you can describe a suspicious situation and Scamio will provide you with an instant assessment on whether you may get scammed. Scamio is available on Facebook Messenger, WhatsApp and your web browser. You can also help others stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia and the UK.

• We strongly encourage you to use a digital identity protection service to monitor your online identity and get real-time alerts about data breaches and leaks involving your online identity and information.

Use services such as Bitdefender Digital Identity Protection to:

- Immediately react to data breaches and privacy threats. Instant alerts let you take swift action to prevent damage, such as changing passwords via one-click action items.

- Real-time monitoring. The service continuously scans the internet and dark web for your personal information. You will receive alerts whenever your data is involved in a data breach or leak.

- Get Peace of mind. The service immediately flags suspicious activity and actively monitors personal information for peace of mind.

- Get a 360° view of all your personal data. You can see your digital footprint, including traces from services you no longer use but still have your data, and even send requests for data removal from service providers.