Updated on April 21 — The Ministry of the Interior confirms that 11.7 million accounts are affected by this data breach.
“Personal data would be considered identifying information: login credentials, civility, last name, first names, email address, date of birth, the unique account identifier; and where applicable, other data that are not consistently present in all accounts: postal address, place of birth, telephone number. (…). These data do not grant unauthorized access to the nominative account on the portal,” Beauvau’s office states.
It also specifies that attachments and biometric data were not affected.
“To date, all users with a professional account (the dealers, as noted) affected by the incident have been informed by email,” the ministry adds.
———————–
On April 15, 2026, the portal of the National Agency for Secured Titles (ANTS), which handles identity cards, passports and driving licenses, suffered a cyberattack. This intrusion, confirmed by the Ministry of the Interior, allowed unauthorized access to a set of personal data.
What Was Compromised
According to information released by the ministry, the incident primarily affected users’ identification data. This includes their name, given names, date of birth, email address, login identifier and the unique ANTS account identifier.
In some cases, other information such as postal address, place of birth, or telephone number may also have been exposed. These items concern both individuals and certain professionals who manage administrative procedures on the ANTS portal.
However, the ministry stresses a crucial point: the attachments submitted during procedures (copies of identity documents, proof of address, etc.) were not impacted by the leak. It also notes that the disclosed data, on their own, do not directly allow access to users’ accounts. In other words, while this information alone is not enough to reconstruct a complete file and have an official document reissued, it is sufficient to fuel targeted phishing campaigns.
Concrete Risks for Users
The primary threat to affected users is the misuse of their data in identity fraud or online scams. The stolen details can be used to craft highly credible emails or text messages that use the name, date of birth, or email address to coax victims into clicking malicious links or opening infected attachments. These attacks can also serve as a stepping stone to obtaining passwords, banking identifiers, or additional sensitive information under the pretense of identity verification or a problem with the victim's file.
As soon as the incident was detected, the ANTS and the Ministry of the Interior’s technical teams said they had launched an internal investigation to identify the intrusion’s source and its exact scope.
“Under Article 33 of the GDPR, the incident was reported to the CNIL and a notification was transmitted to the Public Prosecutor of Paris under Article 40 of the Code of Criminal Procedure in order to open an investigation,” the Ministry of the Interior states.
What This Attack Reveals
Affected users are being informed individually, via their email address or personalized messages on their account, and reminded of best practices for online vigilance. Authorities particularly advise not clicking on suspicious links, verifying the authenticity of messages received, and, if possible, enabling two‑factor authentication on their national accounts (FranceConnect, etc.). A reporting mechanism is also highlighted for responding to any fraud attempt or suspected phishing.
This cyberattack on the ANTS raises a central question: can France secure its digital platforms in real time even as it speeds up the digitization of public services? As user trust hinges heavily on the protection of personal data, each incident, even partial, weakens the sense of security surrounding the “digitized public service.”
In February, a malicious actor impersonated an employee of the Ministry of Finance and Public Accounts who had access as part of inter-ministerial information exchange. From late January 2026, he was able to consult part of FICOBA, a system containing personal data: banking details, the holder’s identity, and, in some cases, a tax number. Bercy (the Ministry of Finance) announces that 1.2 million accounts are affected.