Major trial underway for data leak at French work agency

A large-scale trial is opening in Lyon this week after the discovery of a major data leak at a French work agency Adecco that left 72,000 victims in one of the most serious data-related frauds ever uncovered in France.

16 people are in the dock at the Lyon correctional court facing 22 charges including organised fraud and identity theft. 

The central figure is a 20-year-old described by investigators as having “exceptionally high intellectual capacities” and a compulsive drive to find and exploit digital loopholes. 

He reportedly continued illicit activities using smuggled smartphones even while awaiting trial.

The case centres on the breach of the Adecco temporary work agency’s internal systems.

In 2022, a 19-year-old intern at an agency in Besançon, Doubs, sold his login credentials to a contact on an encrypted chat platform. He purportedly did not receive the €15,000 he had been promised for the login details and was arrested shortly afterwards.

Read more: Warning over fraud risk after leak of user data at French medical laboratory chain

The access allowed hackers to extract data on around eight million jobseekers, including banking details.

The intern’s arrest allowed investigators to trace the web of pseudonyms and encrypted channels used by the wider network.

Using the stolen Adecco data, the group began issuing automated withdrawals of €49.85 from thousands of bank accounts - just below the €50 threshold that typically triggers fraud detection alerts. The small, repeated, sums went unnoticed for weeks. 

In total, nearly 33,000 people were debited without their consent, generating a confirmed loss of €1.6million. 

A further 40,000 attempts were blocked or later refunded. Banks involved have joined the trial as civil parties, having reimbursed around €1.4million.

However this was only part of the wider fraud uncovered during the investigation. 

According to prosecutors, the lead defendant had been operating since 2019. He and accomplices allegedly used phishing and social engineering to impersonate individuals and businesses, targeting public aid schemes including MaPrimeRénov, which is now subject to temporary closure in a bid to combat fraud.

The Adecco data also allowed the creation of fake ID cards and social security documents used to open ‘mule’ bank accounts for laundering the stolen funds.

The firm, whose French headquarters are in Villeurbanne, is not on trial but has admitted a “security failure” in allowing an unsupervised intern access to sensitive national data. 

The case has raised wider concerns about data handling by major employment platforms.

Given the scale of the issue - with more than 2,400 individuals and organisations already registered as civil parties - proceedings are being broadcast from the courthouse to nearby university lecture rooms and via a dedicated online stream. 

The trial is expected to run until June 27, with further civil claims likely to follow.