Hackers Breach French National Bank Registry, 1.2 Million Accounts Exposed
Stolen civil servant credentials gave attackers access to sensitive financial records.
The Ministry of Economy and Finance has disclosed a major cybersecurity incident affecting data linked to 1.2 million user accounts.
Investigators determined that attackers accessed the country’s national bank account registry, known as FICOBA, and extracted sensitive financial information.
How the Breach Happened
According to the Ministry, a threat actor used credentials stolen from a civil servant who had access to an interministerial information-sharing platform.
With those credentials, the attacker accessed part of the FICOBA database. Although authorities acted quickly to restrict access, investigators believe that data linked to approximately 1.2 million accounts was already exposed.
What Information Was Compromised
FICOBA records the existence and identifiers of all bank accounts opened in France. The stolen data includes:
- Bank account identifiers such as RIBs and IBANs
- Account holder identity details
- Physical addresses
- Taxpayer identification numbers (in some cases)
The registry is managed by the French tax authority, the Direction générale des Finances publiques, as part of tax enforcement requirements.
Operational Impact
The cyberattack disrupted FICOBA’s operations. Authorities are working to restore the system with strengthened security controls. However, officials have not provided a timeline for full recovery.
The Ministry confirmed that affected individuals will receive direct notifications in the coming days.
National Coordination Underway
Banking institutions across France have been informed and are expected to raise awareness among customers about potential fraud risks.
The Ministry has also notified the Commission nationale de l'informatique et des libertés (CNIL).
Meanwhile, the tax authority’s IT team is collaborating with the Agence nationale de la sécurité des systèmes d'information (ANSSI) to reinforce system defenses.
Fraud Risk and Public Warning
Authorities have already observed phishing attempts via email and SMS. These messages attempt to trick recipients into sharing login credentials or payment details.
Officials emphasized that the tax administration will never request login credentials or bank card numbers via message.
Strategic Implications
National financial registries represent high-value intelligence targets. Even if attackers cannot directly move funds, exposed identifiers increase the risk of identity fraud, account manipulation, and social engineering.
The incident highlights a growing pattern: attackers increasingly target government identity and financial databases using credential theft rather than exploiting technical vulnerabilities.