France's national statistics agency, INSEE, disclosed a cyberattack that exposed personal data belonging to around 12,800 current and former staff.
INSEE detected the breach on June 19 and confirmed that records from its staff directory were taken. The affected individuals include both current employees and former staff, as well as members of the civil-service corps attached to the agency. INSEE has not publicly detailed exactly what categories of data were accessed beyond the staff directory, but the scope — nearly 13,000 people — is significant for a single government agency.
Government statistics agencies hold a particular kind of institutional trust: they are the bodies that define how a country measures itself. A breach of staff data is not the same as a breach of population data, but it signals that even the organizations behind official numbers can have unsecured internal systems. Personnel directories are also a useful starting point for social engineering and targeted phishing campaigns.
France has seen a string of public-sector data incidents in recent years, and this one lands at an agency whose credibility depends partly on the perception that it handles data carefully.