French Ministry of Finance confirms hackers stole sensitive banking data from FICOBA registry using compromised civil servant credentials, affecting 1.2 million accounts with bank details, addresses, and taxpayer IDs.
The French Ministry of Finance has confirmed a major cybersecurity breach affecting the national bank account registry, FICOBA, resulting in the theft of sensitive data associated with 1.2 million user accounts.

The breach was discovered in late January when threat actors gained unauthorized access to the interministerial information sharing platform using credentials stolen from a civil servant. This access allowed hackers to exfiltrate a database containing comprehensive banking information.
Scope of the Compromised Data
The stolen database included highly sensitive personal and financial information:
- Bank account details, including RIBs/IBANs
- Account holder identity information
- Physical addresses
- Taxpayer identification numbers (in some cases)
FICOBA serves as France's centralized state-managed registry of bank accounts, operated by the Direction générale des Finances publiques (DGFiP). The system functions as a comprehensive database recording account existence and identifiers, with data provided by French banking institutions in accordance with tax enforcement law requirements.
Immediate Response and Ongoing Impact
Upon detecting the breach, the Ministry took immediate action to restrict the threat actor's access to its systems. However, authorities believe that data from approximately 1.2 million accounts had already been exposed during the window of unauthorized access.
The cyberattack has significantly disrupted FICOBA's operations, and while work is underway to restore the system with enhanced security measures, no timeline has been provided for when the registry will return to full operational status.
Notification and Banking Sector Response
Affected users will receive individual notifications over the coming days. The Ministry has informed banking institutions across the country, which are expected to proactively communicate with their customers about the breach and advise on increased vigilance.
Heightened Scam Risk
Citizens are being warned about a surge in fraudulent activities following the breach. The Ministry specifically highlighted numerous scam attempts circulating via email and SMS that aim to steal additional data or money directly from recipients.
"The tax administration never asks for your login credentials or bank card number via message," the French ministry emphasized in its warning to citizens.
Investigation and Security Enhancements
The French data protection authority, CNIL, has been formally notified about the incident. The DGFiP's IT team is collaborating with the Ministry of Finance and the National Cybersecurity Agency of France (ANSSI) to strengthen system security and restore full operational capabilities.
This breach represents one of the most significant compromises of French financial infrastructure in recent years, highlighting the critical importance of securing government-managed financial databases and the potential cascading effects when such systems are compromised.
Related Security Incidents in France
This breach follows a pattern of significant data security incidents in France:
- France fined unemployment agency €5 million over data breach
- Free Mobile received a €42 million fine over a 2024 data breach incident
- Monroe University reported a 2024 data breach affecting 320,000 people
These incidents collectively underscore the growing cybersecurity challenges facing French institutions and the substantial financial and reputational risks associated with data breaches involving sensitive personal and financial information.
