France's 'Secure' ID agency probes breach as crooks claim 19M records


Gov admits 'incident' as forum sellers boast of fresh haul covering up to a third of the population
France's National Agency for "Secure" Documents is explaining a potential data spill just as crooks online claim they've nicked a third of the country's ID information.

The French Interior Ministry this week confirmed a security incident affecting the ants.gouv.fr portal, run by the National Agency for Secure Titles – now rebranded as France Titres – which handles everything from passports and ID cards to driver's licenses and vehicle registrations.

Officials say the data theft, detected on April 15, may have exposed personal data tied to user accounts, including login IDs, full names, email addresses, dates of birth, unique account identifiers, postal addresses, and telephone numbers.

"The disclosure of data does not include additional data submitted during the various procedures, such as attachments," the notice stressed. "This personal data does not allow unauthorized access to the portal account."

A cyber baddie operating under the aliases "breach3d" and "ExtaseHunters" has since popped up on criminal forums claiming they broke into the agency's internal infrastructure and walked off with between 18 and 19 million records.

If true, that's roughly a third of France's population.

The criminal is actively shopping the data and insists it's the real deal, describing it as a fresh, "structural" compromise rather than the usual stitched-together dump of old leaks.

"These 18 to 19 million files contain an impressive amount of personally identifiable information," the listing reads. "It seems the French government would do better to stick to the culinary arts: their digital defenses are as crumbly as their croissants."

So far, the government hasn't confirmed those numbers, and there's no detail on how the attackers got in or how long they may have had access.

"Technical investigations, which began as soon as the incident was detected, are ongoing," the Ministry said. "They are being conducted by ANTS teams and the relevant services. They aim to determine precisely the origin and extent of the incident."

The timing falls in the middle of a run of public-sector security hiccups for France.

The Education Ministry recently disclosed an intrusion tied to impersonation of an authorized staff account, which gave attackers access to a service linked to the ÉduConnect platform used by students and families.

Earlier this year, attackers also got into part of France's national bank account registry, exposing data tied to around 1.2 million accounts.

Whether this latest info spill lives up to the forum hype or not, it's not a great look for an outfit whose entire job is supposed to be keeping identity data under lock and key.

®

Source: This article was originally published by The Register
