The National Agency for Insurance Titles, better known as ANTS, has recognized a security incident that could have exposed personal data from French citizens after an attack last week. ANTS, which reports to the Ministry of the Interior and is responsible for the issuance and management of official documents such as driver's license, identity cards and passports, reported the event on its website and, for the time being, noted the scope of direct access to electronic portals.
The official communication from the agency states that the incident was detected on 15 April 2026. and that the investigation is still under way; for that reason ANTS still does not provide definitive figures on how many accounts could be affected. In its note, the agency lists several types of information that could have been compromised in some cases: access identifiers, full names, e-mails, birth dates and other account metadata, as well as post addresses, place of birth and phone numbers in certain records. You can read the full release on the ANTS website: https: / / ants.gouv.fr / toute-l-actualite / incident-de -securite-relatif-au-portail-antsgouvfr.
In parallel to the agency's admission of the incident, a claim was made in cybercrime forums by an actor who calls himself "break3d," who claims to have up to 19 million records taken from the system. This statement, published on hacker channels and disseminated by specialized security intelligence accounts, has not yet been verified by the authorities. The offer to sell the alleged set of data does not necessarily mean that all the information has been publicly filtered; in fact, according to the reports, the data put on sale for now is not widely available. A repost of the claim can be found in the publication linked by analysts: @ IntCyberDigest.
ANTS ensures that the data disclosed alone do not allow unauthorized access to its electronic portals but it highlights a relevant risk: the above-mentioned information - names, emails, birth dates and addresses - can be used to build scams, phishing campaigns and very convincing social engineering attacks. It is precisely that indirect vector that concerns experts: with personal details verified, attackers can create credible messages that deceive both individuals and telephone services.
The agency has started to report individually to the people it identifies as affected and has informed the National Commission for Informatics and Freedoms (CNIL) to the Paris Court and is working with the National Information Systems Security Agency (ANSSI) to coordinate the response. ANTS also recalled that the dissemination or sale of such data is illegal and that the competent authorities investigate the facts.
From the practical point of view, ANTS advises that users do not make urgent changes to their accounts if they have not been contacted as affected, but do maintain active surveillance: distrust of SMS, calls and emails requesting information, links or files; check the authenticity of any communication and use official channels to contrast any requests that appear to come from the agency. This recommendation is the same as the data protection authorities in Europe when such incidents arise: prevention first, because the real damage often comes through the path of subsequent fraud, not by initial access to the base.
For those who want to go a little further, it is appropriate to strengthen basic personal credentials and digital habits: to activate two factors authentication when possible, to use unique and robust passwords, and to review in some detail unexpected emails and communications. It is also wise to monitor unusual movements in official proceedings and, in the light of the minimal suspicion of a suplication attempt, to contact the relevant services through the official channels published by ANTS and the Ministry of the Interior: https: / / www.interieur.gouv.fr.
In the cybersecurity ecosystem, incidents like this recall two key ideas: public bodies handle extremely sensitive data and are therefore desirable targets for attackers; and, on the other hand, the exposure of fields that seem "uncritical" - addresses, birth dates, postcards - can facilitate much more dangerous fraud if combined with other information pieces.
The investigation opened by ANTS and the French authorities should clarify what vulnerability was exploited, how access was carried out and whether there was mass exfiltration of data. For the time being, transparency in communication and speed in notifications are positive steps, but the technical and legal response will be decisive in order to ensure that public confidence does not deteriorate. In the meantime, the recommendation is simple and practical: to monitor, check and distrust the unexpected and use only official channels in the face of any doubt.
If you want to follow the official sources and case updates, see the ANTS statement and the information from the French authorities mentioned above. The issue is being developed and will require follow-up in the coming days and weeks.
Safety alert Drug critical vulnerability of SQL injection in PostgreSQL requires immediate update
Drucal has published safety updates for a vulnerability qualified as "highly critical" which affects Drumal Core and allows an attacker to achieve arbitrary SQL injection in sit...
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...
The dark matter of identity is changing the rules of corporate security
The Identity Gap: Snapshot 2026 report published by Orchid Security puts numbers to a dangerous trend: the "dark matter" of identity - accounts and credentials that are neither ...