- Hackers breached France’s FICOBA registry, stealing data on 1.2M bank accounts
- Exposed details include IBANs, addresses, and taxpayer IDs, enabling SEPA debit fraud
- Authorities pulled FICOBA offline, restored access, and are notifying affected users
The French national bank account registry (FICOBA), a state agency which manages a registry of all bank accounts in France, has suffered an attack which saw hackers gain information on 1.2 million user accounts, including some rather sensitivedata which could be leveraged in subsequent cyberattacks and scam campaigns.
The news was confirmed by the French Ministry of Finance, which said login credentials were stolen from a civil servant, and used to access a database containing all bank accounts opened in French banking institutions.
From there, the unidentified miscreants took data from 1.2 million user accounts, including bank account details (RIBs and IBANs), account holder identities, postal addresses and, in some cases, taxpayer identification numbers.
Not purely theoretical
While this information can be used in all sorts of fraudulent activities, perhaps the most worrying one is SEPA direct debit fraud.
In the Single Euro Payments Area (SEPA) system (of which France is a part), knowing someone’s IBAN can allow a fraudster to initiate unauthorized direct debit mandates with certain merchants. Banks can reverse fraudulent debits, but victims will nonetheless experience financial loss and possible admin burden.
This isn’t theoretical risk, either, as BleepingComputer notes banks were already notified of multiple email and SMS campaigns making rounds, trying to steal data or money directly from the recipients.
French citizens and bank customers are advised to remain vigilant, not to respond to these emails, and to reach out to their bank directly with any questions. We don’t know how successful these campaigns have been.
After discovering the attack, the French authorities restricted the access and pulled FICOBA offline. Since then, it has been restored and is currently operating as usual. Users affected by this attack are currently being notified one by one.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
