Cyber Incident Victim: France Service
Date:
Feb 2021
Location:
United States of America
Summary
A cyberattack compromised a U.S.-based service assisting French citizens with relocation and green card lottery applications, resulting in the theft of extensive user data. Attackers exfiltrated personal and familial details including identities, physical and email addresses, phone numbers, payment information, internal administrative notes, and client IP addresses. Over 16,000 individuals were impacted by the breach, which exposed sensitive information submitted through the platform's registration process. The stolen data was subsequently stored anonymously in a cloud repository by the perpetrators.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around February 14, 2021, threat actors infiltrated the France Service website, a U.S.-based portal established in Los Angeles in 1989 to assist French citizens with U.S. immigration processes, including Green Card lottery applications. The attackers exfiltrated sensitive user data stored by the platform, which facilitates submissions for the increasingly restrictive U.S. Diversity Visa Program. A compromised dataset containing stolen records was subsequently identified in an anonymized cloud storage repository by cybersecurity monitoring service ZATAZ. Analysis of the breached information revealed comprehensive personal details of applicants, including full identities, landline and mobile phone numbers, email addresses, physical residential locations, and payment method information. Internal administrative notes referencing missing client photographs, behavioral descriptors like "Mauvais coucheur" (difficult customer), and users’ IP addresses were also present in the stolen files.
The incident impacted over 16,000 French nationals who had submitted personal and familial information through France Service’s platform. Exposed records created risks of identity theft, financial fraud, and targeted phishing campaigns due to the granularity of compromised contact and payment details. ZATAZ’s surveillance team detected the breach upon discovering the leaked dataset and immediately notified their subscriber base on the same day. No public statements, containment measures, or forensic findings from France Service itself were documented in the available source material at the time of reporting. The theft underscored vulnerabilities in platforms handling sensitive immigration-related data, particularly given the inclusion of internal system metadata alongside personally identifiable information in the breach.