Intruder accessed France’s FICOBA registry, exposing data for 1.2 million accounts

In late January 2026, a malicious intruder accessed France’s national bank account registry, FICOBA, and viewed information tied to 1.2 million accounts.

KEY FACTS

  • Incident: Unauthorized access to FICOBA in late January 2026
  • Accounts affected: 1.2 million bank accounts
  • Data accessed: IBANs, holder names, addresses, sometimes tax identification numbers
  • Response: Banks alerted and a criminal complaint filed

To explore the database’s contents, the intruder used login credentials belonging to a civil servant authorized to use it.

Access included the international bank account number (IBAN), the account holder’s first and last name, and their address. In some cases, the holder’s tax identification number, issued by the Directorate-General for Public Finance, was also visible.

Impacted individuals will be contacted directly in the coming days, and banks were alerted to advise customers to remain vigilant. Authorities have notified the French data protection authority, CNIL, and have filed a criminal complaint.

In a statement, the French Banking Federation explained that the accessed information cannot be used to check balances or initiate transactions, but could be used to request direct debits or to sign up for services billed to the victim’s IBAN.

WHY IT MATTERS

Exposed IBANs and personal details raise risks of direct debit fraud, subscription fraud, and social engineering that could lead to further account compromise or financial loss. Affected people should monitor transactions and dispute unauthorized debits promptly.