1 week ago
8
ARTICLE AD BOX
France’s Ministry of Economics, Finance and Industrial and Digital Sovereignty recently revealed that an unknown attacker accessed the French government’s database listing every bank account in the country and made off with 1.2 million records.
The incident is said to have taken place in January, after unknown attackers used stolen credentials to access the database.The Ministry said that the attacker's access was restricted immediately upon discovery of the attack, however, the hacker still managed to access personal information of about 1.2 million accounts. The stolen details include account numbers, account holder’s addresses, and tax identification numbers.
France’s government has mobilized the agencies that fight this sort of incident, and warned account holders to be on the lookout for suspicious messages.
What France’s Ministry of Economics, Finance and Industrial and Digital Sovereignty said
Investigations carried out by the Directorate General of Public Finances (DGFiP) have identified illegitimate access to the national bank account file (FICOBA). Starting at the end of January 2026, a malicious actor, having impersonated a civil servant with access rights for inter-ministerial information exchange, was able to view a portion of this file, which lists all bank accounts held in French banking institutions and contains personal data: bank details (RIB/IBAN), account holder's identity, and address.
The user's tax identification number was not accessed during the unauthorized access to FICOBA. Upon detection of this incident, immediate access restrictions were implemented to stop the attack, limit the amount of data accessed and extracted from this database—which reportedly includes 1.2 million accounts—and prevent any further unauthorized access. Work is underway to restore service with optimal security.
Affected users will receive individual notifications in the coming days alerting them that their data may have been accessed.Contact has already been established with banking institutions in order to raise customer awareness of the need for increased vigilance. The IT teams at the French Public Finances Directorate (DGFiP) are fully mobilized, in conjunction with the services of the Ministry of Finance (the Senior Defense and Security Official's office – HFDS) and the National Cybersecurity Agency of France (ANSSI), to address this incident and strengthen the security of the information system (IS).
The incident has also been reported to the National Commission for Information Technology and Civil Liberties (CNIL), and a formal complaint has been filed.
Security tips for users
* Numerous scams are circulating via email or SMS, aiming to obtain information or payments from users. These frauds now affect all audiences, both individuals and businesses. If you have any doubts, it is best not to reply directly.* The tax authorities will never ask for your login details or bank card number via text message. Even if the sender appears to be from the DGFiP (French Public Finances Directorate), contact your tax office directly through the secure messaging system in your online account or by phone to verify the authenticity of the message.* If you suspect fraudulent use of your personal data, we recommend that you keep all evidence (messages, website address, screenshots, etc.). You can also consult the resources on the website cybermalveillance.gouv.fr.
English (US) ·