French govt cyberattack triggers phishing warning

A French government agency responsible for managing official identity documents has confirmed a cyberattack on its online portal, prompting an immediate phishing warning for users. The breach, detected on Wednesday, April 15, may have exposed personal information belonging to an undisclosed number of individuals.

The affected entity, France Titres, formally known as the Agence nationale des titres sécurisés (ANTS), operates under the French Ministry of the Interior. It oversees systems for critical documents such as driver’s licences, national ID cards, passports, and immigration documents. The incident remains under active investigation.

Potentially compromised data includes login IDs, names, email addresses, dates of birth, and unique account identifiers. In some cases, postal addresses, places of birth, and telephone numbers may also have been exposed. ANTS confirmed that affected individuals have already been notified.

Crucially, the agency clarified that “the disclosure of data does not include additional data submitted during the various procedures, such as attachments.” It further assured users that “this personal data does not allow unauthorized access to the portal account.”

Despite this reassurance, ANTS strongly advises caution against potential phishing attempts. The agency stated, “No action is required from users. However, we recommend that they exercise extreme caution regarding any suspicious or unusual messages they may receive (SMS, calls, emails, etc.) that appear to originate from ANTS.”

In compliance with GDPR, ANTS notified the CNIL, France’s data protection regulator. It also reported the incident to the Paris public prosecutor to open a criminal investigation and informed the ANSSI, the country’s national cybersecurity authority.

The agency has implemented additional security measures to maintain portal operations and safeguard user data. It also warned that any sale or distribution of the stolen data is illegal.