French Government Agency Confirms Data Breach After Hacker Claims to Sell 19 Million Records

France's Agence nationale des titres sécurisés (ANTS), the government agency responsible for issuing administrative documents including driver's licenses, national ID cards, passports, and immigration documents, has confirmed a data breach after a threat actor claimed responsibility for the attack and offered to sell stolen citizen data.

Breach Discovery and Initial Response

The security incident was detected on Wednesday, April 15, 2026, when ANTS identified unauthorized access to its electronic portal, ants.gouv.fr. The agency, which operates under the French Ministry of the Interior, immediately launched an investigation and notified relevant authorities including the data protection authority (CNIL), the Paris Public Prosecutor, and the national cybersecurity agency (ANSSI).

According to ANTS's official announcement, the breach may have involved the disclosure of data from individual and professional accounts on their portal. While the agency stated that the exposed information does not allow unauthorized access to its electronic portals, the same data can be exploited for phishing and social engineering attacks.

Types of Compromised Data

The breach potentially exposed several categories of personal information for an undisclosed number of individuals:

• Login ID
• Full name
• Email address
• Date of birth
• Unique account identifier
• Postal address (for some individuals)
• Place of birth (for some individuals)
• Phone number (for some individuals)

ANTS has begun notifying affected individuals and emphasized that no action is required from users, though they should remain highly vigilant regarding suspicious communications appearing to come from the agency.

Hacker Claims and Data Sale

On April 16, 2026, a threat actor using the moniker 'breach3d' claimed responsibility for the attack on hacker forums, alleging possession of up to 19 million records. The threat actor's post, which has been circulating on dark web forums, claims the stolen data contains:

• Full names
• Contact details
• Birth data
• Home addresses
• Account metadata
• Gender and civil status

Threat actor's post on hacker forums Source: @IntCyberDigest

The data has been offered for sale for an undisclosed amount, suggesting the information has not yet been broadly leaked or distributed. ANTS has warned that the sale or dissemination of the data is illegal.

Security Implications and Expert Analysis

Data breaches involving government agencies that manage identity documents present particularly serious risks. The compromised information from ANTS could be used to:

1. Create synthetic identities by combining stolen data with other breached information
2. Facilitate targeted phishing campaigns using personal details to appear legitimate
3. Enable social engineering attacks against government services and financial institutions
4. Support identity theft attempts for opening fraudulent accounts

Cybersecurity experts note that breaches of this nature often lead to long-term consequences for affected individuals, as the stolen data can be used for years in various fraud schemes.

Government Response and Prevention Measures

The French government's multi-agency response demonstrates the seriousness with which such breaches are treated. The involvement of ANSSI, France's national cybersecurity agency, suggests a comprehensive investigation is underway to determine the full scope of the compromise and prevent future incidents.

For affected individuals, ANTS recommends:

• Maintaining heightened vigilance for suspicious communications
• Being cautious of unsolicited messages claiming to be from ANTS
• Monitoring financial accounts for unusual activity
• Being aware that government agencies typically don't request sensitive information via email or phone

Context and Similar Incidents

This breach follows a pattern of recent high-profile data compromises affecting major organizations. Similar incidents have occurred at LexisNexis, Vercel, Amtrak, and McGraw Hill, highlighting the ongoing challenges organizations face in protecting sensitive citizen and customer data.

The ANTS breach is particularly concerning given the agency's role in managing foundational identity documents that are critical for accessing various government services and for establishing legal identity in France.

As the investigation continues, affected individuals and cybersecurity professionals will be watching closely for further developments regarding the extent of the breach and the measures being implemented to prevent similar incidents in the future.