The personal data of railway workers, stolen when a SNCF service provider fell victim to a computer attack, have been released on the dark web, the public railways group said on Wednesday, calling on its employees to be vigilant.
“The attack was not specifically directed at SNCF, but at a secure data exchange platform (MOVEit) used by a SNCF service provider,” explained the address in an internal information note consulted by AFP, stating that ” It has affected several hundred large companies and government agencies around the world.”
The stolen data comes from files necessary for occupational medicine, stored in an approved health data host as required by regulations, according to the SNCF.
stolen health data
They include professional and personal contact data, certain data used by the group’s human resources (number, marital status, country of origin, type of contract, position, remuneration for the position, etc.), the Social Security number and certain data health as work. stoppages in progress, occupational diseases or specific medical follow-ups.
There are no bank details, payment receipts or passwords among the stolen data, management said.
The SNCF invites its agents to be “even more vigilant than usual”, certain data can be used to approach railway workers and extract money or sensitive data by placing them in confidentiality.
A large number of companies around the world have been affected in recent weeks by an attack against the MOVEit file transfer software, provided by American Progress Software.
According to Digital Factory, among the victims of this attack by the Russian hacker group Clop are companies such as the BBC, British Airways, Shell, Sony, the two auditing and consulting firms PWC and EY, or even the cybersecurity software provider NortonLifeLock.
Source: BFM TV
