ANTS Hack: 19 million records exposed in French ID agency breach

The French government has confirmed that its database used to secure identity documents has been breached, exposing around 19 million records containing passport, national ID card, and driver’s license data.
The National Agency for Secure Titles (ANTS), now called France Titres, is the French government’s main platform and official system for secure identity documents.
A threat actor collective operating under the aliases “breach3d” and “ExtaseHunters” recently posted an active listing on a hacker forum, claiming to have successfully compromised the agency’s internal infrastructure.
The hackers, who are now touting the data on criminal forums, claim that the exfiltrated dataset contains between 18 million and 19 million records - which equals a third of France’s population.
The sellers assert the authenticity of the intelligence and explicitly state that this is a new, structural compromise rather than an aggregation of historical breaches.
Reports of a previously discovered breach (which ANTS never confirmed) surfaced in September 2025 and exposed approximately 12-13 million user records. This dataset has been doing the rounds on dark web forums ever since.
However, our Cybernews security researcher, Rasa Jurgutyte, has examined a sample of 98 records that the hacker breach3d posted. It contains user PII, including full names, email addresses, dates of birth, and in some cases, addresses and phone numbers. Jurgutyte said that the incident appears to be new.
“Although the info is similar to that in previous datasets, the format of the data differs, which suggests that this incident might be new,” she explained.
In relation to the earlier breach, she added: “If this is confirmed, it can mean that the ANTS system either got unlucky twice, or they failed to notice security flaws that led to this incident.”
According to an official letter issued on April 15th, ANTS appears to confirm the breach.
It details that the incident has been reported to the CNIL (France’s data protection authority) under Article 33 of GDPR.
It adds that the Ministry of the Interior has also filed a criminal referral with the Paris Prosecutor under Article 40 of the Code of Criminal Procedure.
A formal investigation is now open.
Message from “breach3d”
The message from hacker “breach3d” posted on April 16th, 2026, appears to suggest that they are selling French citizens’ data to punish the French Government for its security failures.
“Hello, Today we are announcing a major breach of the ANTS (National Agency for Secure Titles), the French government agency responsible for secure identification and official titles.
“Despite all their talk about 'security,' their infrastructure has proven totally inadequate. We are therefore putting a database containing 18,000,000 records up for sale.
“These 18 to 19 million files contain an impressive amount of personally identifiable information.”
After detailing the data that they have exfiltrated, the hacker then delivers the sucker punch.
“It seems the French government would do better to stick to the culinary arts: their digital defenses are as crumbly as their croissants.”
Message from hacker who posted as "breach3d"
How serious is the latest ANTS breach?
While the latest attack is significant, France has seen larger breaches by volume. In 2024, for instance, the breaches at healthcare payment providers Viamedis and Almerys were reported to involve around 33 million people.
However, because the 19 million ANTS records are linked to passports, national ID cards, driving licenses, residence permits, and vehicle registrations, the data can be far more useful to criminals.
Affected citizens will now be at risk of social engineering and user profiling for future attacks.
The ANTS letter warns those affected to be on the lookout for phishing attacks, though it suggests they click a link at the end of the letter, which could itself spark additional phishing attacks if hackers imitate this letter.
“Remain vigilant, never share your personal information, and report any unusual activity on your account using the form whose link appears at the end of this message.”
Growing list of French government security fails
Rapid digitization of government services, combined with geopolitical and structural factors, has led to an epidemic of cyberattacks in France in recent years.
Recent French government breaches have highlighted sustained pressure on public sector systems.
In February, officials disclosed unauthorized access to part of the national FICOBA bank-account registry, which tracks accounts held across France.
In January 2026, the OFII immigration office confirmed that foreign nationals’ data had been stolen via subcontractors.
Separately, in December 2025, France’s Interior Ministry said hackers compromised email servers and accessed some files, including criminal-related documents.