French government agency confirms breach as hacker offers to sell data
Source: Hacker News
France Titres, the government agency in France for issuing and managing administrative documents, has disclosed a data breach after a threat actor claimed responsibility and stole citizen data.
Also known as Agence nationale des titres sécurisés (ANTS), the administrative body operates under the French Ministry of the Interior, serving as the managing authority for official identity and registration documents in France. This includes driver’s licenses, national ID cards, passports, and immigration documents.
According to an announcement the agency published yesterday, the attack occurred last week. While the investigation is still ongoing, several data types for an undisclosed number of individuals may have been exposed.
“On Wednesday, April 15, 2026, the National Agency for Secure Documents (ANTS) detected a security incident that may involve the disclosure of data from individual and professional accounts on the ants.gouv.fr portal,” reads ANTS’s announcement.
Types of data that may have been exposed
- Login ID
- Full name
- Email address
- Date of birth
- Unique account identifier
- Postal address (for some)
- Place of birth (for some)
- Phone number (for some)
ANTS stated that it is currently in the process of notifying those identified as impacted. The agency noted that the exposed information does not allow unauthorized access to its electronic portals, but the same data can be used in phishing and social engineering attacks.
“No action is required from users. However, they are advised to remain highly vigilant regarding any suspicious or unusual messages they may receive (SMS, phone calls, emails, etc.) that appear to come from ANTS,” the agency warned.
ANTS has notified the data protection authority (CNIL), the Paris Public Prosecutor, and has also involved the national cybersecurity agency (ANSSI) in the response effort. The agency warned that the sale or dissemination of the data is illegal.
19 million records claimed stolen
On April 16, a threat actor using the moniker ‘breach3d’ claimed on hacker forums that they had stolen up to 19 million records from ANTS. The alleged data includes full names, contact details, birth data, home addresses, account metadata, gender, and civil status. The data has been offered for sale for an undisclosed amount and has not been broadly leaked yet.
ANTS says that users do not need to take any action but recommends exercising “extreme caution” about suspicious or unusual communication over SMS, voice, and email appearing to come from the agency.
BleepingComputer has contacted ANTS to ask about the threat actor’s allegations, but no response had been received as of publishing.