France’s Ministry of Labor and Employment announced on Thursday that it discovered a cyberattack suspected to have impacted the data of young people it was helping get into employment.

According to the ministry’s statement, the attack directly impacted an unnamed service provider used by the department’s network of “Local Missions” — places that offer advice and support to people between the ages of 16 and 25 about work and training.

The attack is believed to have taken place last week, on the night of Wednesday October 23, said the ministry.

“Investigations are underway at the service provider to determine the origin of this event. The security of the information systems of the local missions network itself is not in question,” the statement added.

There is a risk that the incident could involve the disclosure of personal data for young people who have been registered with the ministry’s Local Missions system, including their full names, dates of birth, nationality, email and postal addresses, and phone numbers.

It did not state how many individuals were believed to have been affected, nor for how many years the Local Mission project’s records date back to. The program began in the 1980s.

“The bank details (IBAN), social security number and identity document of young people are not, however, affected by this malicious act.”

The statement added that although the technical investigation hasn’t been completed, and “measures aimed at strengthening the security of the information system” are yet to be fully implemented, it has taken several steps to address the breach.

The incident has been reported to France’s privacy regulator, the CNIL, and to France’s cybersecurity agency ANSSI, and a complaint has been filed with the country’s judicial authorities.

The young people affected by the cyberattack are being informed, and communications are also being made to, “where applicable, their legal representatives,” added the ministry.

Anyone who might be impacted has been cautioned to be “extremely vigilant regarding the risks of phishing (fraudulent emails, text messages or calls) or attempts at identity theft. We remind them to never communicate their password or bank details by telephone, text message or email.”