French document issuing agency announces a major data breach

A French government agency responsible for issuing official documents to citizens said it discovered a security incident last week that possibly compromised personal and employment information of government employees.

 

On Monday, the Agence Nationale Des Titres Securises, or the French government’s National Agency for Secure Documents, announced that on April 15, it discovered that a cyber attack had resulted in the compromise of government employees’ personal information and login IDs required to access its official portal.

 

The agency said that the compromised information included login IDs, full names and titles, email addresses, dates of birth, unique account identifiers, postal addresses, places of birth and telephone numbers.

 

The agency did not disclose the number of compromised individuals but stressed that the compromised information cannot be used by malicious actors to gain access to the government portal.

 

The National Agency for Secure Documents is a public administrative establishment supervised by the Ministry of the Interior. Headquartered in Charleville-Mézières, the agency is responsible for issuing secure documents such as vehicle registration certificates, national identity cards, residence permits, biometric passports, and travel documents for refugees and stateless persons.

 

The agency said that after the security incident was discovered, it initiated technical investigations to determine the origin and extent of the breach, and has implemented additional security enhancements to ensure the continuity of portal services and data protection.

 

"No action is required from users. However, we recommend that they exercise extreme caution regarding any suspicious or unusual messages they may receive (SMS, calls, emails, etc.) that appear to originate from ANTS," it said.

 

The agency added that it has notified the French Data Protection Authority and the French National Cybersecurity Agency about the cyber security incident, and has also sent a report to the Public Prosecutor of Paris who will conduct further investigations.

 

The cyber attack occurred not long after the French government revealed that malicious actors gained access to FICOBA, a centralised, computer-based, national registry of all bank accounts, and stole data related to 1.2 million accounts.

 

According to the Ministry of Economy, the hackers used a government official’s hijacked credentials to gain access to FICOBA which stored details of all bank accounts, savings accounts, and rental safes opened, modified, or closed within France. The registry also contains entries related to each account listing the identity and address of the account holder, the type of account and the date and nature of the account.