A new data leak has hit France. VO2 GROUP, a technology and digital transformation consulting firm, reports that it has suffered a cyberattack. The intrusion occurred on the company's online recruitment platform, "Lever." The firm is currently notifying all affected individuals by email that their personal data has potentially been compromised.
What data was leaked?
The affected data includes the following: first and last name, email address, "contact details", and the candidate's profile. This is more than enough for cybercriminals to orchestrate highly effective phishing attacks. In "no case were passwords or identity documents compromised." The company advises you to "remain vigilant for communications that appear to come from our company and that ask for personal information." The group attributes the attack to a "technical access key (API)" that was "temporarily visible on a GitHub repository." The key allowed VO2 Group to connect to the recruitment platform. It was mistakenly displayed and was stolen by a malicious individual. The individual used it to connect to Lever, impersonating VO2 Group. It is unclear how the key was published on GitHub. After "being identified, this situation was quickly corrected," states VO2 Group.
In accordance with French law, the firm notified the CNIL (Commission Nationale de l'Informatique et des Libertés), the French data protection authority. The body is free to investigate the circumstances that led to the disclosure of personal information. In this case, the CNIL could investigate how the access key ended up on Github.
Another leak in France
As researcher Clément Domingo points out on his X account, this is "another French company joining the sad pantheon of data leaks." Dozens of companies have indeed been hacked in recent months and years. The trend is not slowing down, quite the contrary. Cyberattacks are increasing, targeting both large corporations and SMEs. In the first few months of 2025, several well-known companies were victims of an intrusion, including La Poste, Easy Cash, Kiabi, and Chronopost. The threat has not spared the world of finance. Harvest, which develops a host of tools for insurers, wealth management advisors, and private banks, was also the victim of a ransomware attack. The attack paralyzed a large part of the financial sector in France.
0 Comments