France's National ID Agency Confirms Security Breach as Cybercriminals Claim 19 Million Records Stolen

Summary

France's National Agency for Secure Documents (ANTS) has confirmed a security incident affecting its ants.gouv.fr portal, which manages passports, ID cards, driver's licenses, and vehicle registrations. The breach, detected on April 15, exposed personal data including login credentials, names, email addresses, dates of birth, postal addresses, and phone numbers. However, the government stated that the exposed data does not include additional information submitted during procedures and does not allow unauthorized account access.

Cybercriminals operating under the aliases "breach3d" and "ExtaseHunters" are meanwhile claiming on dark web forums that they have stolen between 18 and 19 million records from the agency's internal infrastructure—roughly one-third of France's population. The attackers are actively selling the data and describing it as a fresh, "structural" compromise rather than a compilation of old leaks. The French government has not yet confirmed these numbers, and investigations are ongoing to determine the breach's origin and extent.

This incident occurs amid a troubling pattern of security lapses in French public-sector institutions, including recent breaches of the Education Ministry's ÉduConnect platform and the national bank account registry. The compromise of France's principal identity document agency represents a significant embarrassment for an organization whose core responsibility is protecting sensitive citizen data.

• French authorities are conducting technical investigations but have not yet verified the full extent of the breach or confirmed the criminals' claims