French government data stolen, hacker claims to have 19M records
What's the story
The French government agency responsible for issuing and managing national IDs, passports, and immigration documents has confirmed a data breach. The Agence Nationale des Titres Securises (ANTS) revealed that the stolen data could include personal information such as full names, dates and places of birth, mailing and email addresses, and phone numbers of an undisclosed number of citizens. ANTS detected the attack on April 15 but did not reveal how many people were affected.
Data exposure
Concerns about the scale of the breach
A hacker has posted the stolen data on a hacking forum, claiming to have a database with 19 million records, according to Bleeping Computer. The hacker's post detailed the same type of stolen information as ANTS's announcement and was published before ANTS publicly disclosed the breach on April 20. This has raised concerns about the scale of the breach and its potential impact on millions of citizens.
Account breach
Personal and professional accounts affected
The cyberattack on the ANTS platform, a key player in administrative work, was confirmed by France's Interior Ministry. The breach affected both personal and professional accounts on the ants.gouv.fr portal. Preliminary findings indicate that data such as names, email addresses, dates of birth, passwords, and unique identifiers could have been accessed during this incident.
Extra exposure
Compromised data cannot be used for unauthorized access
In some cases, the compromised data could also include postal addresses, places of birth, and phone numbers. However, authorities have stressed that more sensitive materials like documents uploaded during administrative procedures were not affected by this breach. They also clarified that the compromised data cannot be used to gain unauthorized access to user accounts on the platform.
Risk warning
Investigation launched into breach
While no immediate action is required from users, those affected could face a higher risk of scams, particularly phishing attempts. Users have been warned to remain cautious if they receive emails related to the incident. The origin of the attack remains unclear and French authorities have not attributed it to any specific group or motive. An investigation has been launched to better understand the scope of the breach and its potential consequences.