The French National Commission for Information Technology and Civil Liberties (CNIL) has just published its 2024 report. As the authority responsible for data protection in France indicates, "data breaches have not only been more numerous, but also of greater magnitude, resulting in the theft of data belonging to millions of people.".
Last year, the CNIL was notified of 5,629 breaches, 20% more compromises than in 2023. The year 2024 was marked by numerous cyberattacks against brands, private companies, and public bodies. These attacks resulted in the disclosure of private information about most French people, such as names, postal addresses, email addresses, and, in some cases, banking data.
More and more victims
Data leaks are affecting more and more French people. The agency emphasizes that the "number of breaches affecting more than a million people has doubled in one year, going from around twenty to around forty successful attacks." Among the most notable leaks of last year were the hack of France Travail, the hacking of Free, SFR, and Assurance retraite.
Last year, the CNIL received a total of 17,772 complaints, 8% more than in 2023, and more than 15,000 of them were processed. Some of the complaints received in 2024 are still being investigated, the agency specifies.
Double authentication
In the opinion of Marie-Laure Denis, president of the CNIL, more than "80% of major data breaches" recorded in 2024 "could have been avoided" with a simple precaution: double authentication. To stem the number of leaks, the CNIL has therefore planned to require companies and public bodies to activate a double authentication system two-factor authentication if they hold data on French citizens.
To ensure that two-factor authentication becomes the norm in France, the CNIL plans to carry out "massive checks" starting next year. The authority is giving the organizations concerned a few months to implement the system.
More than 55 million euros in fines in 2024
Last year, the CNIL already "conducted several hundred inspections of public and private bodies in response to complaints or reports received.". In particular, it inspected Free's premises following the September cyberattack.
The investigation is still ongoing, and the operator risks sanctions if breaches are found. In 2024, the CNIL imposed more than €55 million in fines on companies, through 87 sanctions. The number of sanctions has more than doubled. over one year.
Data leaks: the situation is still critical in France
Unsurprisingly, the CNIL indicates that the trend is accelerating. During the first quarter of 2025, the authority learned of 2,500 data breaches in France. During this period, many brands found themselves in the sights of cybercriminals. This is the case for La Poste, Chronopost, and Kiabi.
In three months, the CNIL recorded nearly half the number of breaches as last year. We should therefore expect another record year for personal information leaks, especially as attacks are occurring at high speed. Recently, companies such as Indigo, Easy Cash and Alain Afflelou have been targeted.
Source: CNIL
0 Comments