French Ministry of Finance: French government systems hacked - over 1.2 million private financial accounts hit

French FICOBA Bank Registry Breach Exposes 1.2M Accounts in SEPA Fraud Risk

Hackers breached France’s FICOBA (Fichier national des comptes bancaires et assimilés), a state-run registry tracking all bank accounts in the country, stealing sensitive data on 1.2 million accounts. The attack, confirmed by the French Ministry of Finance, originated from stolen login credentials belonging to a civil servant, granting unauthorized access to the database.

The compromised data includes bank account details (RIBs and IBANs), account holder identities, postal addresses, and in some cases, taxpayer identification numbers. This information poses a significant risk for SEPA (Single Euro Payments Area) direct debit fraud, where attackers can initiate unauthorized transactions using victims’ IBANs. While banks can reverse fraudulent debits, affected individuals may still face financial losses and administrative burdens.

Authorities detected the breach and temporarily took FICOBA offline before restoring access. The registry is now operational, and affected users are being notified individually. Reports indicate that phishing campaigns via email and SMS have already emerged, targeting victims with fraudulent schemes.

The incident underscores the growing threat of financial fraud enabled by large-scale data breaches, particularly in systems tied to critical banking infrastructure. No details on the attackers’ identity or the success rate of follow-up scams have been disclosed.

Source: https://www.techradar.com/pro/security/french-government-systems-hacked-over-1-2-million-private-financial-accounts-hit

French Ministry of Finance TPRM report: https://www.rankiteo.com/company/french-ministry-of-economy-and-finance

"id": "fre1771966360",
"linkid": "french-ministry-of-economy-and-finance",
"type": "Breach",
"date": "2/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"

{'affected_entities': [{'customers_affected': '1.2 million accounts',
                        'industry': 'Banking/Financial Services',
                        'location': 'France',
                        'name': 'FICOBA (Fichier national des comptes '
                                'bancaires et assimilés)',
                        'type': 'Government Registry'}],
 'attack_vector': 'Stolen Credentials',
 'customer_advisories': 'Affected users being notified individually; phishing '
                        'campaigns targeting victims reported',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '1.2 million',
                 'personally_identifiable_information': 'Yes (identities, '
                                                        'addresses, taxpayer '
                                                        'IDs)',
                 'sensitivity_of_data': 'High (financial and personally '
                                        'identifiable information)',
                 'type_of_data_compromised': ['Bank account details (RIBs, '
                                              'IBANs)',
                                              'Account holder identities',
                                              'Postal addresses',
                                              'Taxpayer identification '
                                              'numbers']},
 'description': 'Hackers breached France’s FICOBA (Fichier national des '
                'comptes bancaires et assimilés), a state-run registry '
                'tracking all bank accounts in the country, stealing sensitive '
                'data on 1.2 million accounts. The attack originated from '
                'stolen login credentials belonging to a civil servant, '
                'granting unauthorized access to the database. The compromised '
                'data includes bank account details (RIBs and IBANs), account '
                'holder identities, postal addresses, and in some cases, '
                'taxpayer identification numbers, posing a significant risk '
                'for SEPA direct debit fraud.',
 'impact': {'brand_reputation_impact': 'Significant (state-run registry '
                                       'breach)',
            'data_compromised': 'Bank account details (RIBs, IBANs), account '
                                'holder identities, postal addresses, taxpayer '
                                'identification numbers',
            'downtime': 'Temporary offline status',
            'identity_theft_risk': 'High (SEPA fraud risk)',
            'operational_impact': 'Registry temporarily taken offline',
            'payment_information_risk': 'High (IBANs and RIBs exposed)',
            'systems_affected': 'FICOBA (Fichier national des comptes '
                                'bancaires et assimilés)'},
 'initial_access_broker': {'entry_point': 'Stolen civil servant credentials'},
 'lessons_learned': 'Growing threat of financial fraud enabled by large-scale '
                    'data breaches, particularly in systems tied to critical '
                    'banking infrastructure',
 'motivation': 'Financial Fraud (SEPA Direct Debit Fraud)',
 'post_incident_analysis': {'root_causes': 'Stolen credentials leading to '
                                           'unauthorized access'},
 'references': [{'source': 'French Ministry of Finance'}],
 'response': {'containment_measures': 'Temporarily took FICOBA offline',
              'recovery_measures': 'Affected users being notified individually',
              'remediation_measures': 'Restored access to the registry'},
 'title': 'French FICOBA Bank Registry Breach Exposes 1.2M Accounts in SEPA '
          'Fraud Risk',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unauthorized access via compromised civil servant '
                            'credentials'}