“The number of impacted accounts was 11.7 million,” the government agency later reported — a concrete scale for a breach that set off a criminal probe and the detention of a 15‑year‑old suspect.
ANTS: detection timeline and disclosure
France Titres (ANTS), the government agency that issues and manages administrative documents via the ants.gouv.fr portal, detected suspicious activity on its network on April 13, the Paris Prosecutor’s Office said. The agency notified authorities a few days later, on April 16, and on April 20 ANTS publicly disclosed that a threat actor had breached its systems and accessed data from individual and professional accounts on the portal.
In its update, ANTS said the number of impacted accounts was 11.7 million. Earlier public claims by the threat actor had offered up to 19 million records for sale; ANTS determined the actual affected data set and stated that the stolen data could not be used for unauthorized access.
Paris Prosecutor’s Office: detention, alias, and sale claims
Following an investigation, French authorities detained a 15‑year‑old suspected of selling data stolen in the ANTS breach. The Paris Prosecutor’s Office said the suspect allegedly used the moniker ‘breach3d’ to offer for sale between 12 and 18 million records that were claimed to have been taken in the ANTS incident. The government agency confirmed the breach and the authenticity of the data offered for sale on a cybercriminal forum by the actor using that alias.
A judge is now overseeing the case; based on the evidence found, prosecutors are seeking formal charges and have requested that the minor be placed under judicial supervision. Pending the investigating judge’s decision, the individual has not been formally charged.
Alleged offenses and statutory penalties
The minor faces allegations tied to digital intrusion and data theft. Prosecutors list charges including unauthorized access, persistence, and data exfiltration from a state‑run automated personal data processing system, along with possession of software that enables such offenses. The Paris Prosecutor’s Office notes these offenses carry a maximum sentence of seven years in prison and a fine of EUR 300,000.
Personal information exposed: what the agency identified
ANTS said that among the affected data types were full names, email addresses, dates of birth, postal addresses, and phone numbers. That inventory of personal information was part of the material the threat actor claimed to have compromised and later offered for sale on a cybercriminal forum under the alias ‘breach3d’. ANTS also maintained that, despite the volume of records, the stolen data could not be used for unauthorized account access.
How technologists, policymakers, and affected individuals are positioned
- Technologists and security teams: the timeline — detection on April 13, notification to authorities on April 16, and public disclosure on April 20 — points to forensic work already underway; investigators tied the public sale listing and alias ‘breach3d’ to the intrusion, and the case now sits with a judge.
- Policymakers and prosecutors: the Paris Prosecutor’s Office has framed the case with specific charges and statutory penalties, and prosecutors are seeking formal charges plus judicial supervision for the minor as the judicial process proceeds.
- Affected individuals and account holders on ants.gouv.fr: ANTS identified the specific categories of exposed personal information — names, email addresses, dates of birth, postal addresses, and phone numbers — while also stating the stolen data could not be used for unauthorized access.
The immediate facts now hinge on the judicial phase: prosecutors have asked for formal charges and judicial supervision, and an investigating judge is examining the evidence. The detention of a minor alleged to have marketed millions of records shifts the story from a technical breach to a criminal prosecution, and the next concrete step is the judge’s decision on the prosecution’s requests.
Source: BleepingComputer — 15-year-old detained over French govt agency data breach




