Cyber Incident Victim: France's Ministry of Economy
Date:
Jan 2026
Location:
France
Summary
France's Ministry of Economy disclosed that a threat actor used stolen credentials to infiltrate the national bank account registry, gaining access to information on approximately 1.2 million accounts including IBANs, holder names, addresses and, in some cases, tax identification numbers. The attacker was unable to view balances or conduct any transactions, and access has since been terminated while affected individuals are being notified of the breach and advised to watch for potential scams or phishing attempts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late January 2026, security investigators identified unauthorized access to France's national bank account registry, referred to as FICOBA, after detecting anomalous activity linked to a set of stolen credentials. The credentials belonged to an official within the Ministry of Economy and were used by a threat actor to log into the database that records every bank account opened in the country. Once inside, the actor was able to extract personal data associated with approximately 1.2 million individual accounts. The extracted information included each account's International Bank Account Number (IBAN), the account holder's full name, their postal address, and, for a subset of records, the associated tax identification number. Officials emphasized that the intruder did not gain the ability to view account balances or to initiate any financial transactions.

Upon confirming the breach, the Ministry of Economy immediately revoked the compromised credentials and terminated the attacker's ongoing access to the registry. The ministry then launched a notification campaign to inform all individuals whose data had been exposed about the nature of the compromise. In its public statement posted on the ministry's website, officials clarified that while sensitive identifiers were accessed, the lack of transactional or balance visibility limited the direct financial risk to account holders. Recipients of the notices were advised to remain alert for potential phishing messages or scam attempts that could misuse the disclosed personal details. No additional technical details regarding how the credentials were originally obtained or the identity of the perpetrator were released in the available sources.
