On April 15, 2026, the French National Agency for Secure Documents (ANTS) suffered a massive data breach. According to official figures from the Ministry of the Interior, nearly 11.7 million accounts were affected. However, a hacker going by the name "breach3d", who put the database up for sale on a cybercriminal forum, claims the actual number could reach 18 to 19 million records. An unprecedented cyberattack directly affecting millions of French citizens who had performed administrative procedures online: passports, national identity cards, driver's licenses.

What exactly happened?

ANTS manages the portal ants.gouv.fr, the official platform for all secure document requests in France. Every year, millions of citizens create an account there to track their national identity card, passport, or driver's license applications.

The vulnerability exploited is of the IDOR (Insecure Direct Object Reference) type, a particularly insidious flaw. It allowed a malicious actor to access other users' data by simply modifying a numeric identifier in the requests sent to the API, without any authorization check. In other words, by changing a single number in the URL, it was possible to read the records of millions of other users.

This type of vulnerability is well known to security experts but unfortunately remains far too common in public information systems. The CNIL (French Data Protection Authority) was immediately notified, and a report was sent to the Paris Public Prosecutor. The investigation was entrusted to the Anti-Cybercrime Office (OFAC).

What data was stolen?

The compromised information is particularly sensitive, as it combines civil status data and personal contact details:

• First and last name
• Date of birth
• Postal address
• Email address
• Phone number

These elements are sufficient to build highly targeted scams. Combined, they allow identity theft, ultra-personalized phishing attempts (fake SMS, fake emails impersonating the administration), and even attempts at fraudulent bank account openings or online credit applications.

Am I affected?

If you ever created an account on ants.gouv.fr to renew your national identity card, passport, or driver's license, you are very likely among those affected. ANTS announced it will send direct notifications to users whose accounts are identified as compromised.

You can also check specialized platforms like Have I Been Pwned (haveibeenpwned.com) to verify whether your email address appears in known hacked databases.

Immediate steps to take

In response to this breach, here are the concrete actions to take without delay:

1. Change your ANTS password

Go to ants.gouv.fr and change your password. If you use this same password on other sites (which is inadvisable), change it everywhere. Take this opportunity to enable two-factor authentication (2FA) wherever possible.

2. Be extremely vigilant about incoming messages

In the coming weeks, be wary of any email, SMS, or phone call claiming to come from ANTS, the tax authorities, a bank, or a phone operator. Hackers sell this data to scammers specializing in phishing. A well-targeted message (with your name, address, and phone number) can appear very official.

Golden rule: no official organization will ever ask for your password, banking details, or a wire transfer via SMS or email.

3. Monitor your digital identity

Services like Cybermalveillance.gouv.fr offer free resources for victims of cyberattacks. There are also alert services in case of fraudulent use attempts on your identity.

4. Report any fraud attempt

If you receive a suspicious message or believe you are a victim of a fraud attempt related to this hack, report it at cybermalveillance.gouv.fr or directly to the police via thesee.interieur.gouv.fr (the official platform for reporting online fraud).

What lessons can be drawn from this cyberattack?

This massive breach is a reminder of an uncomfortable reality: even government platforms are not immune to cyberattacks. The IDOR vulnerability that was exploited has been well documented for years in security standards like the OWASP Top 10. Its presence on a service managing the identity documents of millions of French citizens raises serious questions about the security audits performed beforehand.

It also highlights the need for every citizen to adopt solid digital hygiene practices: unique and complex passwords, two-factor authentication, vigilance against unsolicited messages. In a world where our data travels from server to server, digital caution is no longer optional — it is a necessity.

The judicial investigation is ongoing. Regular updates are expected in the coming weeks on the Ministry of the Interior website and on ants.gouv.fr.