1.2 Million French Bank Accounts Exposed in Data Breach

Summary
– In late January 2026, an intruder accessed France’s FICOBA bank account registry, compromising data linked to 1.2 million accounts.
– The breach was carried out using login credentials stolen from an authorized civil servant, exposing personal and bank account details.
– While accessed data cannot be used to check balances or initiate transactions, it could enable fraudulent direct debit requests.
– Authorities have alerted affected individuals and banks, notified the data protection agency, and filed a criminal complaint.
– This incident follows other recent cyberattacks on French government services, including the postal service and unemployment agency.

A significant data breach at France’s national bank account registry has compromised the personal information of over a million citizens. The French Ministry of the Economy and Finance confirmed this week that an unauthorized individual accessed the FICOBA database in late January, exposing details linked to 1.2 million bank accounts. The intrusion occurred after the perpetrator obtained the login credentials of an authorized civil servant, using them to explore the sensitive registry.
The accessed data includes highly personal information, such as the international bank account number (IBAN), the account holder’s full name, their residential address, and, in some instances, their official tax identification number. Authorities have stated that affected individuals will be contacted directly and that banks have been alerted to advise customers on increased vigilance. The ministry has formally notified the French data protection authority, CNIL, and filed a criminal complaint regarding the incident.
This security failure follows a troubling pattern of cyber incidents targeting French institutions. Just two months prior, a disruptive DDoS attack affected the websites, applications, and delivery network of La Poste and its banking subsidiary. Earlier, in 2024, a separate breach at the national unemployment agency, France Travail, compromised two decades’ worth of jobseeker data. These events collectively highlight ongoing vulnerabilities within critical public sector systems.
While officials have sought to reassure the public, clarifying that the stolen data does not include bank balances or allow for direct transactions, significant risks remain. The French Banking Federation (FBF) warned that the exposed information could still facilitate fraud. Criminals could use the details to pose as legitimate creditors and set up unauthorized direct debit payments, provided they can forge the necessary mandates. Additionally, fraudsters might subscribe to paid services that would be charged to the compromised IBAN, leaving the victim to foot the bill.
Beyond fraudulent charges, the breach creates a prime opportunity for sophisticated social engineering attacks. With personal and banking details in hand, scammers can more convincingly impersonate bank officials or other trusted entities. Their goal would be to trick individuals into revealing usernames, passwords, or security codes, potentially leading to full account takeover.
In response to the breach, the banking federation has issued clear guidance for all account holders. Citizens are strongly advised to monitor their bank statements weekly, scrutinizing all transactions for anything suspicious. It is crucial to keep a close watch on direct debit authorizations and to dispute any fraudulent withdrawals within the eight-week legal timeframe. Above all, individuals must remain extremely cautious of unsolicited communications, especially those requesting sensitive financial information or login credentials.
This incident serves as a stark reminder of the persistent threat posed by cybercriminals and the importance of robust digital hygiene. Proactive monitoring and a healthy skepticism toward unexpected contact are essential defenses in protecting one’s financial identity.
(Source: Help Net Security)
