France's ANTS Agency Exposes Data Breach After Hacker Offers Stolen Records for Sale

“On Wednesday, April 15, 2026, the National Agency for Secure Documents (ANTS) detected a security incident that may involve the disclosure of data from individual and professional accounts on the ants.gouv.fr portal,” reads ANTS’s announcement.

What ANTS says about the incident

France Titres — also known as Agence nationale des titres sécurisés (ANTS) — disclosed that it detected a security incident last week and that an investigation is ongoing. ANTS said several types of account information “may have been exposed” for an undisclosed number of individuals and that it is in the process of notifying those identified as impacted. The agency advised that no immediate action is required from users but urged them to remain “highly vigilant regarding any suspicious or unusual messages they may receive (SMS, phone calls, emails, etc.) that appear to come from ANTS.”

ANTS emphasized that the exposed information “does not allow unauthorized access to its electronic portals,” while warning that the same data could be repurposed for phishing and social engineering campaigns. The agency has notified the data protection authority (CNIL), the Paris Public Prosecutor, and the national cybersecurity agency (ANSSI), and said the sale or dissemination of the data is illegal.

Data types flagged as exposed and the attacker’s claim

In its bulletin, ANTS listed the categories of data that may have been disclosed: login ID, full name, email address, date of birth, unique account identifier, and — for some users — postal address, place of birth, and phone number. A day after ANTS detected the incident, a threat actor using the moniker “breach3d” posted on hacker forums claiming responsibility and alleging that it holds up to 19 million records.

The threat actor’s post, according to media reporting, said the stolen material included full names, contact details, birth data, home addresses, account metadata, and gender and civil status. The actor has offered the data for sale for an undisclosed amount; BleepingComputer reported the dataset has not been broadly leaked yet. BleepingComputer also contacted ANTS about the attacker’s allegations but had not received a response as of publishing.

ANTS’s role and why the breach is consequential

ANTS operates under the French Ministry of the Interior as the administrative body charged with issuing and managing official identity and registration documents. The agency’s remit includes driver’s licenses, national ID cards, passports, and immigration documents. Those responsibilities give ANTS custodianship of systems and accounts that touch a wide range of personal records, which helps explain the alarm raised by both the agency’s notice and the attacker’s claim of millions of records.

Notifying CNIL, the Paris prosecutor, and ANSSI

ANTS reported it has informed CNIL, the Paris Public Prosecutor, and ANSSI and has involved the national cybersecurity agency in its response effort. ANTS also stated it is notifying users identified as impacted. The agency framed the sale or dissemination of the data as unlawful and reiterated guidance that users should be alert to suspicious communications purporting to come from ANTS.

How technologists, regulators, and citizens are likely to respond

  • Technologists and security teams: expect to monitor for phishing and social-engineering campaigns that reuse the exposed fields (names, emails, birthdates, addresses). Security teams responsible for public-facing portals and account notification mechanisms will be watching for evidence of abuse tied to the disclosed identifiers.
  • Regulators and prosecutors: CNIL and the Paris Public Prosecutor — both notified by ANTS — will be looking at compliance and legal avenues if the dataset is authenticated or if dissemination takes place; ANSSI’s involvement suggests technical forensics and containment will be priorities.
  • Citizens and account holders: ANTS has said no action is required immediately but that affected users will be notified; meanwhile, individuals are advised to exercise “extreme caution” with unsolicited SMS, phone calls, or emails that appear to come from the agency.

The immediate facts are narrow but consequential: ANTS detected a security incident on April 15, 2026; it has confirmed the possibility of exposed account data; an attacker claiming the handle “breach3d” posted a claim on April 16 alleging up to 19 million records and is offering the material for sale; and ANTS has notified CNIL, the Paris Public Prosecutor, and ANSSI while beginning user notifications. The investigation and verification of the attacker’s claims remain ongoing, and whether the records are authentic, how many individuals are affected, and whether any illicit use of the data has begun are concrete questions that ANTS and the authorities will need to answer publicly as they proceed.

Original reporting: BleepingComputer — French govt agency confirms breach as hacker offers to sell data