RSS
Last updated: May 14, 2026 at 10:49 AM UTC
All 219 Vulnerability 76 Breach 45 Threat 91 Defense 7
Tag: identity-theft (1 article)Clear
breach
2026-04-21

French govt identity documents agency ANTS confirms breach - hacker claims 19 million citizen records for sale

France Titres (Agence nationale des titres securises, ANTS), the French government agency responsible for issuing driver's licenses, national ID cards, passports, and immigration documents, has confirmed a security incident on the ants.gouv.fr portal. The agency detected the compromise on April 15 and published an acknowledgment April 20, saying individual and professional account data may have been exposed. On April 16, a threat actor using the alias 'breach3d' claimed responsibility on a hacker forum, alleging theft of up to 19 million records. The attacker says the stolen data contains full names, contact details, birth data, home addresses, account metadata, gender, and civil status. ANTS operates under the French Ministry of the Interior and is the authoritative source for official French identity documents, making any data leak a foundational risk for downstream phishing, social engineering, and identity fraud. The agency has notified France's data protection authority (CNIL), the Paris Public Prosecutor, and national cybersecurity agency ANSSI. ANTS is telling users no action is required but to exercise 'extreme caution' with any SMS, phone calls, or emails claiming to come from the agency - the stolen data is ideal raw material for targeted impersonation scams.

antsfrance-titresgovernment-breachidentity-theftphishing-riskbreach3dfrance
Check
If your business operates in France or handles French citizen data via identity verification, treat every inbound communication appearing to come from ANTS or French government services as potentially part of a phishing campaign over the coming months.
Affected
French citizens and residents with ants.gouv.fr accounts. Businesses operating in France that rely on ANTS-issued documents for KYC/AML checks. Any business with customer bases in France faces elevated phishing risk since the stolen data gives attackers accurate personal details to impersonate official government communications.
Fix
Brief French-based staff and customers that ANTS has been breached and that any unsolicited SMS, call, or email referencing French identity documents should be treated as potentially hostile. Confirm that your KYC verification flows don't rely solely on ANTS-sourced data elements (name, birthdate, address) as proof-of-identity - if that data is now circulating on criminal forums, it can no longer be treated as a strong identity signal. Strengthen inbound email filtering for domains impersonating ants.gouv.fr. Add the 'breach3d' alias and any advertised record counts to your threat intel watchlist for the next 90 days.