Cyber Incident Victim: Agence Nationale des Titres Sécurisés
Date:
Apr 2026
Location:
France
Summary
A 15‑year‑old suspect was detained after allegedly hacking Agence Nationale des Titres Sécurisés (ANTS) and attempting to sell millions of French citizens’ identity records on the dark web. The agency confirmed the stolen data included names, dates and places of birth, mailing and email addresses, and phone numbers, and said it had detected unusual activity on its network before notifying affected individuals and urging caution. Investigators say the hacker advertised the database on underground forums, claiming 12 to 18 million lines (or up to 19 million records) of data, and the case carries penalties of up to seven years imprisonment and a fine of 300,000 euros.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 0 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 15, 2026, the Agence Nationale des Titres Sécurisés (ANTS) detected a cyberattack on its network, following earlier unusual activity observed on April 13. The agency confirmed on April 22 that it had experienced a data breach affecting its systems that manage national identity documents, passports, and immigration records. In its public announcement, ANTS stated that the compromised data could include full names, dates and places of birth, mailing and email addresses, and phone numbers for an undisclosed number of French citizens. The agency also reported that it had begun notifying individuals whose information was involved and that the investigation into the breach’s origin and impact was ongoing. On the same day, ANTS sent an email to millions of French citizens advising them of the cyberattack and urging caution against unsolicited communications and the disclosure of personal details.
According to Bleeping Computer, a hacker had previously advertised the stolen data on a hacking forum, claiming possession of a database with approximately 19 million records, a claim made before ANTS’ public disclosure on April 20. The forum post described the same categories of personal information that ANTS listed in its announcement. Separate reporting indicated that the suspect allegedly offered for sale between 12 and 18 million lines of the stolen data. ANTS verified that the data being offered matched the authentic information stored in its databases. The agency emphasized that all necessary remedial measures had been implemented, though it did not specify the exact actions taken.
On April 25, 2026, a 15‑year‑old individual, whose identity was not disclosed, was detained by police and placed in custody for questioning after being linked to the online nickname “breach3d,” the moniker used by the hacker who advertised the data. The Paris prosecutor's office opened an investigation into the teenager for alleged fraudulent access and theft of state‑managed data, offenses punishable by up to seven years of imprisonment and a fine of up to 300,000 euros. ANTS confirmed that it also operates the age‑verification application intended to block children under 15 from accessing social networks. The incident has prompted public discussion in France regarding the security of consolidating citizens’ personal information in a centralized database.