You may be using the site Service-public.gouv.fr for your online administrative procedures without worrying about the security of your data. But what happens when the digital mechanisms that facilitate these operations are targeted by cyber attackers? Discover how a recent attack on the HubEE platform revealed worrying flaws in the protection of our personal information.
The 3 key facts not to miss
- The cyberattack compromised approximately 160,000 administrative documents containing sensitive data.
- HubEE, the State’s digital exchange platform, was infiltrated, but the site Service-public.gouv.fr was not directly affected.
- Enhanced security measures, such as two-factor authentication, have been implemented to prevent future intrusions.
Understanding the attack on HubEE
The cyberattack was discovered on January 9 by the interministerial digital department (DINUM). From then on, technical teams worked tirelessly to secure the platform. It took three days to patch the breach and ensure the secure resumption of services. The attack allowed hackers to access approximately 70,000 files, totaling 160,000 administrative documents, some containing sensitive personal data.
The security measures implemented
In response to this intrusion, DINUM took drastic measures to strengthen the security of HubEE. All users had to reset their passwords, and two-factor authentication is now mandatory for administrator accounts. These decisions aim to prevent future hacking attempts.
The impact on ministerial departments
Four ministerial departments are particularly affected by this data breach: the Directorate of Legal and Administrative Information (DILA), the Directorate General of Social Cohesion (DGCS), the Directorate General of Health (DGS), and the National Family Allowances Fund (CNAF). These entities are currently collaborating with DINUM to inform the affected users and limit the repercussions.
Actions taken after the intrusion
The usual procedure for major incidents has been activated. The CNIL has been officially informed, and the National Agency for the Security of Information Systems (ANSSI) has been alerted. A complaint has also been filed with the judicial police. So far, the hacked data has not been publicly disclosed, but active monitoring has been established to detect any new exploitation attempts. Users are encouraged to remain vigilant against potential phishing attempts.
Context and importance of HubEE
HubEE is an essential platform in the process of digitizing administrative services in France. It ensures the secure transfer of documents necessary for various administrative procedures. Although little known to the general public, its role is crucial for the proper functioning of the State’s online services, particularly those offered by Service-public.gouv.fr. This attack highlights the importance of strengthening cybersecurity in public infrastructures to protect citizens’ data.
Source: