French authorities on Wednesday announced a “malicious actor” had illegally accessed a portion of the country’s National Bank Accounts File (FICOBA) recording all bank accounts in the country.
The sensitive government database holds data on more than 80 million individuals, according to the CNIL, France’s data protection authority. In an email to Recorded Future News, a spokesperson for the French government said potentially 1.2 million accounts were impacted by the incident.
The system is operated by the Directorate General of Public Finances (DGFiP), which said the hacker impersonated a civil servant “whose credentials allowed access as part of interministerial information exchanges” to query part of the FICOBA database.
That database “lists all bank accounts opened in French banking institutions” and contains a range of personal data, including account numbers, names, address and, in some cases, tax identification numbers.
It is widely used by tax, customs and law enforcement agencies for fraud detection, tax enforcement and judicial investigations, according to the French authorities.
The malicious activity began in late January and was detected internally, triggering measures that limited the amount of exposed data, according to the DGFiP statement.
DGFiP said affected individuals will be notified directly in the coming days and that banks have been alerted to warn customers about potential follow-on fraud and phishing attempts.
Cybersecurity teams from the finance ministry and France’s national cybersecurity agency, ANSSI, are assisting with the investigation and the broader effort to harden the system against further compromise.
The disclosure comes as European governments face sustained pressure to improve the security of large, centralized administrative databases, which have become high-value targets for cybercriminals and espionage-linked actors seeking both financial data and identity information.
In its November report, the EU’s cybersecurity agency ENISA warned that public administration “represents a high-value target for state-nexus intrusion sets mainly due to the strategic value of data collection, for economic or defence purposes.”
No attribution has yet been made in this incident.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Alexander Martin
is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and a fellow at the European Cyber Conflict Research Initiative, now Virtual Routes. He can be reached securely using Signal on: AlexanderMartin.79
