France’s Ministry of Economy: French Government Says 1.2 Million Bank Accounts Exposed in Breach

French Bank Account Registry Breach Exposes 1.2 Million Accounts

France’s Ministry of Economy confirmed a data breach on Wednesday, revealing that a threat actor accessed the national bank account registry, FICOBA, compromising 1.2 million accounts. The attacker exploited stolen credentials belonging to a government official to infiltrate the database, which stores details on all bank accounts opened in France.

The breach, detected in late January, exposed sensitive information including IBANs, account holder names, addresses, and in some cases tax identifiers. While the attacker could not perform banking operations or view account balances, officials warned of potential phishing and scam risks for affected individuals. Access has since been revoked, and impacted users are being notified.

Cybersecurity experts highlighted the incident as a cautionary example of overprivileged access. Michael Jepson, Penetration Testing Manager at CybaVerse, noted that allowing broad data access via a single identity, particularly for high-ranking officials, creates structural vulnerabilities. He emphasized that modern security practices should enforce least-privilege access, restricting permissions based on operational necessity rather than seniority.

The breach follows recent cyber incidents in France, including disruptions to the postal service and banking sector during the 2023 Christmas rush, as well as a separate attack on Eurofiber France. The incident underscores the growing risks of credential-based attacks on critical financial infrastructure.

Source: https://www.securityweek.com/french-government-says-1-2-million-bank-accounts-exposed-in-breach/

Ministry of Economy cybersecurity rating report: https://www.rankiteo.com/company/minist-re-de-l-conomie-et-des-finances

"id": "MIN1780412101",
"linkid": "minist-re-de-l-conomie-et-des-finances",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '1.2 million account holders',
                        'industry': 'Public Sector/Finance',
                        'location': 'France',
                        'name': 'France’s Ministry of Economy',
                        'type': 'Government'}],
 'attack_vector': 'Stolen Credentials',
 'customer_advisories': 'Affected users are being notified of potential '
                        'phishing and scam risks.',
 'data_breach': {'number_of_records_exposed': '1.2 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['IBANs',
                                              'Account holder names',
                                              'Addresses',
                                              'Tax identifiers']},
 'date_detected': '2024-01-31',
 'date_publicly_disclosed': '2024-02-07',
 'description': 'France’s Ministry of Economy confirmed a data breach where a '
                'threat actor accessed the national bank account registry, '
                'FICOBA, compromising 1.2 million accounts. The attacker '
                'exploited stolen credentials belonging to a government '
                'official to infiltrate the database, which stores details on '
                'all bank accounts opened in France. The breach exposed '
                'sensitive information including IBANs, account holder names, '
                'addresses, and in some cases tax identifiers. While the '
                'attacker could not perform banking operations or view account '
                'balances, officials warned of potential phishing and scam '
                'risks for affected individuals.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to '
                                       'French financial infrastructure',
            'data_compromised': '1.2 million accounts',
            'identity_theft_risk': 'High (phishing and scam risks)',
            'operational_impact': 'Access revoked, user notifications',
            'payment_information_risk': 'High (IBANs exposed)',
            'systems_affected': 'FICOBA (national bank account registry)'},
 'initial_access_broker': {'entry_point': 'Stolen credentials of a government '
                                          'official'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The incident highlights the risks of overprivileged '
                    'access and the need for least-privilege access controls, '
                    'especially for high-ranking officials.',
 'motivation': 'Data Theft',
 'post_incident_analysis': {'corrective_actions': 'Review of access controls, '
                                                  'user notifications',
                            'root_causes': 'Overprivileged access, stolen '
                                           'credentials'},
 'recommendations': 'Enforce least-privilege access, restrict permissions '
                    'based on operational necessity, and implement stronger '
                    'credential security measures.',
 'references': [{'source': 'CybaVerse (Michael Jepson, Penetration Testing '
                           'Manager)'}],
 'response': {'communication_strategy': 'Public disclosure by Ministry of '
                                        'Economy',
              'containment_measures': 'Access revoked',
              'remediation_measures': 'User notifications, review of access '
                                      'controls'},
 'title': 'French Bank Account Registry Breach Exposes 1.2 Million Accounts',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Overprivileged Access'}