The report from CERT-FR highlights incidents targeting social sector entities managing personal data, providing insights, recommendations, and lessons learned from handling these unauthorized data exfiltrations affecting millions of French citizens. The document emphasizes the need for better data protection practices from project inception and addresses the insufficiencies in data handling and access methods observed during incident responses, without aiming to be a comprehensive data protection guide.
https://www.cert.ssi.gouv.fr/cti/CERTFR-2024-CTI-009/