Detention of 15-Year-Old in France Govt Agency Breach
French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country’s agency for issuing and managing administrative documents. The government agency confirmed the breach and the authenticity of the data offered for sale on a cybercriminal forum by someone using the alias ‘breach3d’.
On April 13, ANTS detected suspicious activity on its network and notified authorities a few days later, on April 16, the Paris Prosecutor’s Office said. Following an investigation, the authorities believe that the suspected 15-year-old used the moniker ‘breach3d’ to offer for sale between 12 and 18 million records stolen in the ANTS data breach.
Charges and Potential Sentence
The minor faces charges for unauthorized access, persistence, and data exfiltration from a state-run automated personal data processing system, as well as for possession of software that enables the offenses. The offenses carry a maximum sentence of seven years in prison and a fine of EUR 300,000, the Paris Prosecutor’s Office notes in a press release.
A judge is now overseeing the case. Based on the evidence found, prosecutors are seeking formal charges and have requested that the minor be placed under judicial supervision.
Exposed Personal Information
On April 20, ANTS disclosed that a threat actor breached its systems and accessed data from individual and professional accounts on the ants.gouv.fr portal. The government agency determined that among the affected data types were full names, email addresses, dates of birth, postal addresses, and phone numbers.
The announcement came after a threat actor claimed to have compromised ANTS and offered to sell up to 19 million records allegedly stolen in the attack. In an update on the incident, the agency said that the number of impacted accounts was 11.7 million, but the stolen data could not be used for unauthorized access.
Investigation and Next Steps
Pending the investigating judge’s decision, the 15-year-old minor has not been formally charged. The investigation is ongoing, and the authorities are working to determine the full extent of the breach and the damage caused.
The incident highlights the importance of cybersecurity and the need for organizations to protect their systems and data from cyber threats. It also raises concerns about the involvement of minors in cybercrime and the need for education and awareness programs to prevent such incidents.
- The breach occurred on April 13, when ANTS detected suspicious activity on its network.
- The authorities were notified on April 16, and an investigation was launched.
- The suspected 15-year-old used the alias ‘breach3d’ to offer the stolen data for sale on a cybercriminal forum.
- The minor faces charges for unauthorized access, persistence, and data exfiltration, as well as for possession of software that enables the offenses.
The incident is a reminder of the importance of cybersecurity and the need for organizations to protect their systems and data from cyber threats. It also highlights the need for education and awareness programs to prevent such incidents and to prevent minors from becoming involved in cybercrime.
Source: BleepingComputer