10,000 passports on the darknet?

Thousands of passports published on the dark web

On May 16, 2023, the Voyageurs du Monde travel agency was the victim of an unprecedented cyberattack. Hackers from the Lockbit group claimed responsibility for the attack and published sensitive data on the darknet. “Following our firm refusal to pay the ransom demanded”, the “passport data relating to collective trips have been published by hackers”said the agency’s CEO in a letter to his clients.

According to the information made public, the hackers published “ 10,000 passports and tons of confidential data”. This personal and high market value information, mainly relating to French customers, might be used to steal identities, take out loans or set up various cyber scams.

When we know deadlines for renewing a passport and thus render obsolete the pirated or sold version on the Internet, the challenge of cyberattacks is to take advantage of this time period of seven weeks on average, depending on the prefectures in which the application is filed.

Agency response to cyberattack

In response to this attack, the agency assured that the hackers do not have a priori any other sensitive information. She also pointed out that the elements necessary for the organization of trips are stored in a legal manner and temporary. Since the attack, the agency has tightened the security of its systems to prevent further such incidents.

The Paris public prosecutor’s office has opened an investigation into this case, in particular to « organized gang extortion » et « fraudulent access and maintenance in an automated data processing system”. The investigations were entrusted to the General Directorate of the National Gendarmerie and to the Central Directorate of the Judicial Police.

This is neither the first nor the last time that such a leak has happened to a company. The Canadian BRP, which specializes in the manufacture of recreational products, was also the victim of a major cyberattack. The hackers stole personal information, details of agreements with suppliers, as well as confidentiality agreements. The stolen data, which includes copies of passports, temporary resident visas and resumes, was made accessible on the dark web. The company said employees potentially affected by the incident have been personally contacted and credit monitoring services have been made available to them.