CAF: what personal data has leaked on the internet?


Technical error or computer attack? Neither: the leak of personal data of 10,000 beneficiaries of the Family Allowance Fund (CAF) is the result of human error. According to an investigation by the Radio France investigation unit, this private information was available online between March 2021 and January 2023.

In question ? A Parisian provider of the CAF, who thought the data in question fictitious, used them to train the agents of the organization. The Gironde CAF called on the said service provider to “train its statisticians”. “To teach them the R language, a programming language intended for statistics, he uses a service provider based in the Paris region. And as in all training, there are practical cases with exercises”, explain our colleagues. To help them in this process, CAF de Gironde has therefore communicated a file with the personal information of 10,204 very real beneficiaries.

If the recipients’ first names, surnames and postal codes have been deleted before sending, a lot of information remains present on the document… Allowing anyone to find the person concerned online, in just a few clicks. What data remained available online for a year and a half? In all, no less than 181 types of information were accessible. Summary of the main information in our slideshow below.

The Gironde CAF told Radio France journalists that the 10,204 beneficiaries concerned would soon be contacted to inform them of this leak. It also opened an internal investigation in order to “understand how this situation could have occurred and put in place a tighter monitoring system”.