Data of 600 thousand beneficiaries at risk?

While the LulzSec group claims to have hacked into CAF's servers and stolen the personal data of 600,000 beneficiaries, the organization confirms a “data breach” of a small number of accounts.

Cybercriminals have been on the rampage since the beginning of the month! France appears to have become a target of choice, as evidenced by the hack of the social security system on an unprecedented scale, which affected at least 33 million policyholders (see our article), but also La Poste, Credit Agricole and Frey. And it's clearly not over yet, as on February 12, 2024 at 8pm, cybercriminal group LulzSec claimed responsibility for the Family Allowance Fund (CAF) hack. on his account (e.g. Twitter) and on its Telegram discussion channel. An operation that would have led to the theft of personal data for at least 600,000 beneficiary accounts! At the same time, other attacks were carried out against other French actors.

But then, what is it really? in statementCAF explains that it locked my account space for a few hours after this message from LulzSec “just in case”But no security vulnerabilities were found“There was no interference with the system.” On the other side, “The four accounts subject to the screenshots have been identified, and the data breach has been substantiated.”reveals the CAF. “These four accounts were accessed without forcing the site’s system, by providing passwords that may have been obtained elsewhere by the authors. This confirms that the Caf.fr website has not suffered a security breach. For these four beneficiaries, the hackers were able to access their accounts.” Own contact details and the last amount of benefits paid, but cannot access bank details (RIB).H“. The people targeted by the hackers have been contacted. On the other hand, regarding the 600,000 hacked accounts, the violations “Undocumented”The investigation is still ongoing. A complaint was made and a report was filed with the CNIL.

CAF hacking: France is threatened by a series of cyber attacks

LulzSec is a hacking group famous for hacking into large companies and government agencies over a short period of time in 2011. Among its victims were Sony – which hacked millions of accounts – EA and Nintendo, but also the websites of the presidency and government of Brazil, and the website of the US Senate. The group even managed to bring the CIA website to its knees, before it was dismantled by the authorities! In short, its effectiveness no longer needs to be proven, and when it claims that a process works, we pay great attention to it! However, it is currently difficult to verify the veracity of the hackers' claims, as the cybercriminals posted a series of screenshots showing several beneficiary accounts, with personal data such as phone numbers, addresses and emails – but this information has been scrambled. It appears that the hackers were able to obtain the passwords for these accounts, allowing them to log in whenever they wanted – and thus access more personal data, more sensitive this time, such as postal address, marital status, number of children in the family, income, etc.

to Following this announcement, the CAF website indicated that maintenance work was underway, preventing millions of people from accessing their accounts. The site was up and running again the next morning. If, at the time of writing, LulzSec has not yet announced what it intends to do with this data, we invite you to change your password as a precaution, and to be vigilant against any phishing attempts you may be exposed to – we can easily imagine cybercriminals swiping your CAF identity from By being asked to make an overpayment through a broken link, for example.

Alongside this action against CAF, the group appears to have organized a denial-of-service attack Against Total Énergies websiteIn cooperation with the hacker group Anonymous. Meanwhile, LulzSec published a list of emails from the France Diplomatie website. A real attack on all fronts, and it doesn't seem like it's over! Hackers have already announced its importance. Let's keep our eyes peeled!