France Titres, the French government agency that issues administrative documents, said it detected a security incident on April 15 that may have exposed data from individual and professional accounts on its portal, while a hacker later claimed to be selling up to 19 million records.
KEY FACTS
- Agency France Titres, also known as ANTS, handles identity and registration documents in France.
- Data at risk Login IDs, names, email addresses, birth dates, account identifiers and some postal addresses, birthplaces and phone numbers may have been exposed.
- Impact The agency said the exposed information does not allow unauthorized access to its electronic portals.
- Claim A threat actor using the name breach3d said they had up to 19 million records and offered them for sale.
In an official security incident notice, the agency said the issue could involve data from accounts on the ants.gouv.fr portal. It said it is notifying people identified as affected.
The disclosure said the information could be used in phishing and social engineering attacks even though it does not provide direct access to the agency’s portals. France Titres also said it has alerted the CNIL, the Paris Public Prosecutor and the ANSSI.
The hacker’s claim appeared on April 16, one day after the incident was detected. The data was offered for sale for an undisclosed amount, which means it has not been broadly leaked, according to the report.
The agency said users do not need to take action but should be highly vigilant about suspicious SMS messages, phone calls and emails that appear to come from France Titres.
WHY IT MATTERS
The exposed data could help criminals make messages seem more credible, even if account access was not compromised. That can increase the risk of fraud against people whose details were included in the breach.