Massive Data Breach Exposes 2.1 Million Records from French Immigration Portal
On January 1, 2026, a cyberattack targeting France’s Office Français de l’Immigration et de l’Intégration (OFII) sent shockwaves through the cybersecurity community. A hacker leaked a database containing over 2.1 million records—approximately 1 GB of sensitive personal and administrative data—exfiltrated from the Administration Numérique des Étrangers en France (ANEF) portal (etrangers-en-france.interieur.gouv.fr).
The breach, announced on a dark web forum, includes highly detailed information on foreign nationals residing in France. While French authorities have yet to officially confirm the incident, technical analysis of leaked samples—including 1,000 verified records from 2023–2024—supports the hacker’s claims. The data aligns with official administrative standards, featuring precise identifiers such as AGDREF numbers (10-digit foreigner IDs) and Contrat d’Intégration Républicaine (CIR) reference codes.
The exposed records contain comprehensive personal and administrative details, including:
- Full identities: Names, birthdates, nationalities, and gender.
- Contact information: Home addresses, phone numbers, and personal emails.
- Family status: Marital status and children’s birth years.
- Immigration records: Entry dates, residency permit types (e.g., "Parent d’enfant français"), decision prefectures, and internal case numbers.
The breach’s scale suggests the vulnerability may extend to records as recent as late 2025, though the leaked samples primarily cover 2023–2024. The depth of the data—cross-referencing legal terminology from France’s Code de l’entrée et du séjour des étrangers (CESEDA)—heightens risks of targeted phishing, identity theft, and extortion for affected individuals.
This incident marks one of the most severe breaches of a French government agency, underscoring persistent challenges in securing digitalized administrative systems. The ANEF portal, a cornerstone of France’s immigration digitization efforts, has faced scrutiny over data protection in the past. If confirmed, the leak would rank among the largest compromises of state-held personal data in the country’s history.
Source: https://infinity-area.com/article/piratage-ofii-2026-2-1-millions-de-donnees-fuitees-anef
Direction générale des étrangers en France (DGEF) cybersecurity rating report: https://www.rankiteo.com/company/direction-generale-des-etrangers-en-france
"id": "DIR1767589958",
"linkid": "direction-generale-des-etrangers-en-france",
"type": "Breach",
"date": "1/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2.1 million foreign residents '
'in France',
'industry': 'Public Administration / Immigration '
'Services',
'location': 'France',
'name': 'Office Français de l’Immigration et de '
'l’Intégration (OFII)',
'size': 'Large (national scope)',
'type': 'Government Agency'}],
'attack_vector': 'Unknown (not disclosed)',
'customer_advisories': 'Users of the ANEF portal urged to monitor '
'communications for phishing or fraud attempts.',
'data_breach': {'data_exfiltration': 'Yes (1 GB of data published on a dark '
'web forum)',
'number_of_records_exposed': '2,100,000',
'personally_identifiable_information': ['Full names',
'Dates and places of '
'birth',
'Nationality',
'Addresses',
'Phone numbers',
'Email addresses',
'AGDREF numbers '
'(10-digit foreigner '
'ID)',
'CIR (Contrat '
"d'Intégration "
'Républicaine) '
'numbers',
'Marital status',
'Number and birth '
'years of children',
'Entry dates to '
'France',
'Type of residence '
'permits',
'Prefecture of '
'decision'],
'sensitivity_of_data': 'High (government-issued identifiers, '
'personal and family details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Administrative records',
'Family status',
'Contact details',
'Immigration status']},
'date_detected': '2026-01-01',
'date_publicly_disclosed': '2026-01-01',
'description': 'A hacker published a database containing over 2.1 million '
'lines of personal information exfiltrated from the official '
'portal of the Administration Numérique des Étrangers en '
'France (ANEF). The breach includes highly sensitive '
'administrative and personal data of foreign residents in '
'France.',
'impact': {'brand_reputation_impact': 'Severe (government trust and '
'credibility)',
'data_compromised': '2.1 million records (1 GB of data)',
'identity_theft_risk': 'High (PII exposed)',
'legal_liabilities': 'Potential GDPR violations and regulatory '
'fines',
'operational_impact': 'Potential disruption to OFII services and '
'administrative processes',
'systems_affected': 'ANEF portal '
'(etrangers-en-france.interieur.gouv.fr)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Potentially (data '
'published on '
'BreachForums)'},
'investigation_status': 'Ongoing (unconfirmed by authorities)',
'motivation': 'Unknown (potentially financial gain or data exploitation)',
'ransomware': {'data_exfiltration': 'Yes'},
'recommendations': 'Affected individuals should monitor for phishing '
'attempts, identity theft, and unauthorized '
'communications. OFII should conduct a thorough security '
'audit of the ANEF portal.',
'references': [{'date_accessed': '2026-01-01',
'source': 'Christophe Boutry (Twitter/X)',
'url': 'https://twitter.com/Ced_haurus/status/1234567890'},
{'date_accessed': '2026-01-01',
'source': 'BreachForums (Dark Web)'}],
'regulatory_compliance': {'regulations_violated': ['GDPR',
'French Data Protection '
'Laws']},
'response': {'communication_strategy': 'Advisories to affected users '
'(unofficial)'},
'stakeholder_advisories': 'Government agencies and affected individuals '
'advised to remain vigilant.',
'threat_actor': 'Unknown hacker',
'title': 'Massive Data Breach at OFII (Office Français de l’Immigration et de '
'l’Intégration)',
'type': 'Data Breach'}