French Government Document Authority Discloses Security Incident
France Titres, formally known as the Agence nationale des titres sécurisés (ANTS), has officially acknowledged a data breach following claims by a threat actor who alleges to have stolen citizen data from the agency's systems. ANTS operates under the French Ministry of the Interior and serves as the central authority responsible for issuing and managing official identity and registration documents in France — including driver's licenses, national ID cards, passports, and immigration paperwork.
The agency published an announcement on April 20, 2026, disclosing that the incident was detected the week prior and that an investigation remains ongoing. The number of individuals affected has not yet been confirmed.
What Happened and When
According to the official statement from ANTS:
"On Wednesday, April 15, 2026, the National Agency for Secure Documents (ANTS) detected a security incident that may involve the disclosure of data from individual and professional accounts on the ants.gouv.fr portal."
The agency confirmed that several categories of personal data may have been exposed as a result of the breach, though it stopped short of revealing how many people were impacted.
Categories of Exposed Data
Based on ANTS's disclosure, the following types of information may have been compromised:
- Login ID
- Full name
- Email address
- Date of birth
- Unique account identifier
- Postal address (for some users)
- Place of birth (for some users)
- Phone number (for some users)
ANTS was careful to clarify that the exposed data does not provide a pathway for unauthorized access to its electronic portals. Nevertheless, the agency acknowledged that such information could be leveraged in phishing campaigns and social engineering attacks targeting affected individuals.
Guidance for Users and Official Response
The agency has stated that no immediate action is required from users, but it strongly urges heightened vigilance regarding suspicious or unusual messages — whether delivered via SMS, phone call, or email — that appear to originate from ANTS.
In its response to the incident, ANTS has taken the following steps:
- Notified the French data protection authority, the CNIL
- Filed a report with the Paris Public Prosecutor
- Engaged the national cybersecurity agency, ANSSI, in the incident response effort
- Begun the process of individually notifying those identified as impacted
The agency also issued a reminder that the sale or dissemination of the stolen data constitutes an illegal act under French law.
Threat Actor Claims 19 Million Records
One day after the intrusion was detected — on April 16, 2026 — a threat actor operating under the handle 'breach3d' claimed responsibility for the attack on hacker forums, asserting possession of as many as 19 million records stolen from ANTS.
According to the threat actor's post, the stolen dataset allegedly contains:
- Full names
- Contact details
- Birth data
- Home addresses
- Account metadata
- Gender and civil status information
The data has been listed for sale at an undisclosed price. As of the time of reporting, the records had not been broadly leaked to the public, meaning wider exposure could still occur if a buyer is found.
Investigation Still Active
ANTS has reiterated its recommendation that users exercise extreme caution regarding any suspicious communications that claim to come from the agency, particularly over SMS, voice calls, and email channels. The agency did not provide a timeline for when its investigation is expected to conclude.
BleepingComputer reached out to ANTS for comment on the threat actor's specific allegations but had not received a response by the time of publication.
The breach adds ANTS to a growing list of government and institutional entities that have faced significant data exposure incidents in recent months, underscoring the persistent threat posed to organizations that maintain large repositories of sensitive citizen data.
Source: BleepingComputer