French government agency admits data breach as hacker alleges up to 19 million sensitive records stolen – breach may have exposed 'data from individual and professional accounts'

Last Thursday, a threat actor with the alias ‘breach3d’ posted a new thread on a dark web forum, offering the sale of 19 million records. They claimed to have picked them up from France Titres, and that they contain people’s names, contact details, birthday information, postal addresses, account metadata, gender information, and civil status.

Soon after, ANTS issued an announcement, confirming that the breach did happen: “On Wednesday, April 15, 2026, the National Agency for Secure Credentials (ANTS) detected a security incident that may involve the disclosure of data from private and professional accounts on the ants.gouv.fr portal,” the machine-translated announcement reads.

No user action requred

The agency also confirmed the type of data stolen in the attack, but added that the miscreants do not have access to the portal, or people’s accounts.

A more thorough investigation is currently underway, with both law enforcement agencies and third-party cybersecurity professionals. Affected individuals were already notified, ANTS confirmed.

The agency also said that users are not required to do anything at this point. However, it did warn them about potential phishing attacks in the near future, from cybercriminals posing as the agency. With so much personal information, crooks can create convincing phishing lures, paired with fake login and landing pages.

That way, they can trick victims into trying to log in, effectively stealing their login credentials. In some cases, they can even engage in identity theft and initiate fraudulent wire transfers on behalf of the victims.

The agency warned that selling or sharing the stolen data in any way is a criminal offense.

Via BleepingComputer