April 8, 2026 eBuilder signs an agreement for MDR/SOC with a hotel business.
March 13, 2026 eBuilder signs an agreement for SOC-operations with a Swedish municipality.
March 2, 2026 A communications/branding agency chooses eBuilders Complorer for cybersecurity training
March 2, 2026 Large international steel company chooses eBuilder as supplier for Penetration testing
March 2, 2026 Large international steel company chooses eBuilders Complorer for cybersecurity training
February 13, 2026 eBuilder Security signs an agreement for continuous pen testing with a Swedish AI-company
February 11, 2026 eBuilder Security sells Complorer Security Awareness training to a Swedish unemployment insurance fund
January 30, 2026 eBuilder sigs an agreement with a Swedish municipality for MDR/SOC.
Company News
mobile-menu-icon
Data Breaches

French Identity Document Agency Hit by Cyberattack, 19 Million Records at Risk

Date April 21, 2026 / 3 Min Read
French Identity Document Agency Hit by Cyberattack, 19 Million Records at Risk

France’s National Agency for Secure Documents was breached on April 15, potentially exposing personal data belonging to millions of citizens who applied for passports, identity cards and driver’s licenses. The Interior Ministry confirmed the attack on the ANTS portal on Monday, though it disputes threat actor claims that 19 million records were stolen.

The compromised data includes login credentials, names, email addresses, dates of birth, postal addresses, places of birth and telephone numbers according to the Interior Ministry statement. Additional information such as the unique identifier associated with each account may also have been accessed. The Record from Recorded Future News reported the incident was detected on April 15 with the ministry’s announcement coming five days later.

Threat Actors Claim 19 Million Records Stolen

Cybercriminals posted on BreachForums claiming to possess a dataset of 18-19 million records from ANTS, complete with names, emails, phone numbers, birth details, addresses and account metadata. Security Affairs reported the threat actors are offering the dataset for sale, though French security researcher Baptiste Robert of Predicta Labs noted that “attackers still haven’t provided any data sample to support them” despite their bold claims.

The attackers uploaded a screenshot of an internal CHEOPS portal with “WE ARE STILL HERE” written where a user’s password should appear along with one blurred ID card image. This suggests the breach may have reached police officer identification systems, though the extent remains unconfirmed.

France’s Year of Escalating Breaches

The ANTS incident marks the latest in an unprecedented wave of cyberattacks against French institutions. Earlier in February, hackers breached France’s National Bank Accounts File, exposing information linked to 1.2 million accounts out of more than 300 million entries. In December, the Interior Ministry itself was breached with attackers claiming access to confidential files on judicial records and wanted persons.

Cybernews data shows France experienced 58 ransomware incidents in early 2026 alone, a 29% increase from the same period in 2025. The country now ranks fifth globally for ransomware targeting after the United States, Canada, the United Kingdom and Germany. This escalation has left cybersecurity experts warning that France is becoming “operationally paralyzed” by the frequency of attacks.

Government Response Follows Established Protocol

French authorities reported the ANTS breach to the National Commission for Information Technology and Civil Liberties (CNIL), notified prosecutors and alerted the national cybersecurity agency ANSSI. Government cybersecurity experts launched investigations to identify the attack vector and assess the full scope of compromised data.

The Interior Ministry stated no action is required from users, though it warned that individuals whose data was stolen face higher risk of targeted phishing attempts. The ministry plans to contact affected individuals directly once the investigation determines the precise number of compromised accounts.

ANTS processes applications for French passports, national identity cards, residence permits and driver’s licenses through its ants.gouv.fr portal. The agency has not disclosed whether systems remained operational during the breach or if document processing was disrupted.

References

  1. Cyberattack at French identity document agency may have exposed personal data
  2. France’s ANTS ID System website hit by cyberattack, possible data breach
  3. French document agency cyberattack: Personal data leak impacts ID and passport holders
  4. Experts warn France “operationally paralyzed” as cyberattacks hit 58 incidents in 2026 alone

This post is also available in: Svenska

Related News


Booking.com Data Breach Exposes Millions as WhatsApp Scammers Strike

Booking.com confirmed Monday that hackers accessed customer reservation data in a breach that appears to have been running undetected since early April. The travel platform…

calendar April 15, 2026
Vilhelmina and Dorotea Municipalities Hit by Ransomware Attack Amid Regional Wave

Vilhelmina and Dorotea Municipalities Hit by Ransomware Attack Amid Regional Wave

calendar April 15, 2026

Eurail Breach Exposes 308,777 Passport Numbers After Christmas Attack

Eurail B.V. confirmed that attackers breached its network on 26 December 2025 and stole passport numbers and personal data belonging to 308,777 travellers. The Dutch…

calendar April 10, 2026
Dutch Ministry of Finance Shuts Treasury Portal After Cyberattack

Dutch Ministry of Finance Shuts Treasury Portal After Cyberattack

calendar April 2, 2026
Intesa Sanpaolo Hit With €31.8 Million Fine After Employee Accessed 3,573 Customer Accounts

Intesa Sanpaolo Hit With €31.8 Million Fine After Employee Accessed 3,573 Customer Accounts

calendar March 31, 2026

Take the next step - secure your business

Ensure your company is protected against cyber threats. Contact us to learn more.

Contact Us
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.