French government agency admits data breach as hacker alleges up to 19 million sensitive records stolen – breach may have exposed 'data from individual and professional accounts'

News
By published

A hacker is selling data apparently stolen from ANTS

Digital crime by an anonymous hacker
(Image credit: Shutterstock)
  • France Titres (ANTS) confirms cyberattack and theft of 19M records offered on dark web
  • Stolen data includes names, contact details, birthdays, addresses, account metadata, gender, and civil status
  • Agency warns of phishing risks; investigation ongoing with law enforcement and cybersecurity experts, affected users already notified

France Titres (ANTS), the French government body responsible for managing and issuing official identity and registration documents, confirmed suffering a cyberattack and data theft, after cybercriminals offered to sell the stolen files on the dark web.

Last Thursday, a threat actor with the alias ‘breach3d’ posted a new thread on a dark web forum, offering the sale of 19 million records. They claimed to have picked them up from France Titres, and that they contain people’s names, contact details, birthday information, postal addresses, account metadata, gender information, and civil status.

Soon after, ANTS issued an announcement, confirming that the breach did happen: “On Wednesday, April 15, 2026, the National Agency for Secure Credentials (ANTS) detected a security incident that may involve the disclosure of data from private and professional accounts on the ants.gouv.fr portal,” the machine-translated announcement reads.

Article continues below

No user action requred

The agency also confirmed the type of data stolen in the attack, but added that the miscreants do not have access to the portal, or people’s accounts.

A more thorough investigation is currently underway, with both law enforcement agencies and third-party cybersecurity professionals. Affected individuals were already notified, ANTS confirmed.

The agency also said that users are not required to do anything at this point. However, it did warn them about potential phishing attacks in the near future, from cybercriminals posing as the agency. With so much personal information, crooks can create convincing phishing lures, paired with fake login and landing pages.

That way, they can trick victims into trying to log in, effectively stealing their login credentials. In some cases, they can even engage in identity theft and initiate fraudulent wire transfers on behalf of the victims.

The agency warned that selling or sharing the stolen data in any way is a criminal offense.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.