The French national bank authority confirmed a major data breach affecting 1.2 million bank accounts after a malicious actor stole credentials belonging to a government official and used them to access the national bank account file.
The Directorate General of Public Finances detected the intrusion in late January 2026 and immediately restricted access to limit data extraction from FICOBA, the comprehensive database listing every bank account opened in French banking establishments.
The attacker compromised credentials of an official authorized to access FICOBA through interministerial information exchange channels. This legitimate access pathway allowed the threat actor to query the database without triggering immediate alarms, demonstrating how credential theft enables attackers to masquerade as trusted insiders and bypass perimeter security controls.
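An added example, not taken from the article or from any system it describes: because stolen valid credentials pass authentication, one way to catch the abuse is to compare each account's daily count of distinct records looked up against that account's own history. The log format, the user names and the `k`, `floor` and `min_history` parameters are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from statistics import median

def daily_distinct_records(log_lines):
    """Map user -> {day -> count of distinct records looked up that day}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_lines:
        day, user, record = line.split()  # assumed format: "<date> <user> <record>"
        seen[user][day].add(record)
    return {u: {d: len(r) for d, r in days.items()} for u, days in seen.items()}

def flag_bulk_access(log_lines, k=5.0, floor=20, min_history=3):
    """Return (user, day, count, limit) for days far above the user's own baseline.

    limit = max(floor, median + k * max(MAD, 1)) over that user's earlier normal
    days. The first min_history days only build the baseline and are never flagged.
    """
    alerts = []
    for user, days in daily_distinct_records(log_lines).items():
        history = []
        for day in sorted(days):
            count = days[day]
            if len(history) < min_history:
                history.append(count)
                continue
            med = median(history)
            mad = median(abs(h - med) for h in history)
            limit = max(floor, med + k * max(mad, 1))
            if count > limit:
                alerts.append((user, day, count, limit))
            else:
                history.append(count)  # flagged days never feed the baseline
    return alerts

def sample_log():
    """Constructed sample: two accounts with steady volume, one of which spikes."""
    lines = []
    for d in range(1, 6):
        for user, n in (("official_a", 8), ("official_b", 40 + d)):
            lines += [f"2000-01-{d:02d} {user} rec{d}_{i}" for i in range(n)]
    lines += [f"2000-01-06 official_a bulk{i}" for i in range(400)]  # enumeration
    lines += [f"2000-01-06 official_b rec6_{i}" for i in range(46)]   # routine
    return lines

if __name__ == "__main__":
    for alert in flag_bulk_access(sample_log()):
        print("ALERT user=%s day=%s records=%d limit=%.0f" % alert)
```

The per-account baseline lets a routinely busy account stay quiet while a normally low-volume account that suddenly enumerates records is flagged; the learning window is a blind spot for accounts that are new or already compromised when monitoring starts.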
FICOBA contains sensitive personal data including bank account details such as RIB and IBAN numbers, account holder identities, addresses and in some cases tax identification numbers. The database serves as France’s central registry for tracking financial accounts, making it a high-value target for criminals seeking identity theft material, financial fraud opportunities or intelligence on French taxpayers.
The Directorate General of Public Finances has not disclosed the intrusion’s duration before detection, the specific method attackers used to steal official credentials, or whether multi-factor authentication protected the compromised accounts. The ministry stated it implemented immediate access restrictions upon discovering the incident to halt the attack and prevent additional unauthorized access.
Work continues to restore service with enhanced security controls, though the ministry provided no timeline for full remediation. Affected users will receive individual notifications in the coming days alerting them that attackers may have accessed their data. The breach notification follows European Union General Data Protection Regulation requirements mandating timely disclosure when personal data breaches occur.
The ministry contacted French banking institutions to coordinate customer awareness campaigns emphasizing the need for increased vigilance against financial fraud and identity theft. Compromised bank account details enable various attack vectors including targeted phishing campaigns, account takeover attempts and fraudulent transaction initiation.
The ministry reported the incident to the National Commission for Information Technology and Civil Liberties (CNIL), France’s data protection authority and the counterpart of other European Union supervisory bodies. CNIL will investigate whether the Directorate General of Public Finances implemented adequate security measures to protect FICOBA data and may impose penalties if violations of data protection law occurred.
Authorities also filed a formal criminal complaint, initiating a law enforcement investigation into the breach. French prosecutors will attempt to identify the threat actor, determine whether the breach connects to organized cybercrime groups or nation-state operations, and pursue criminal charges if suspects are located.
Citizens whose accounts appear in FICOBA should monitor bank statements for unauthorized transactions, watch for suspicious communications claiming to be from financial institutions or government agencies, and report any fraud attempts to authorities immediately. The stolen data creates long-term identity theft risks that may persist for years after the initial breach.






































