France’s National Identity Agency Breached — 11.7 Million Accounts Compromised, 15-Year-Old Suspect Detained

Summary

France’s Agence nationale des titres sécurisés (ANTS), the government agency responsible for managing passports, national identity cards, residence permits, and driving licenses, has confirmed a data breach affecting 11.7 million accounts. A threat actor using the alias “breach3d” initially offered the stolen data for sale online, though some claims suggest up to 19 million accounts may be impacted.

The compromised data includes full names, email addresses, dates of birth, postal addresses, and phone numbers. ANTS stated that biometric information and passwords were not affected, meaning the stolen data cannot be used to directly access individual accounts on the portal. French authorities detected suspicious activity on April 13 and launched an investigation.

In a surprising twist, a 15-year-old suspect has been detained in connection with the attack, facing charges for unauthorized access, data exfiltration, and possession of hacking tools. The ANTS online portal was temporarily taken offline to reinforce security, and the agency plans to notify all affected account holders.

Sources

• BleepingComputer — 15-Year-Old Detained Over French Govt Agency Breach
• The Record — France Investigates Teen Over National ID Agency Hack
• Connexion France — ANTS Data Leak

Commentary

A teenager took down the national identity infrastructure of a G7 nation. Let that sink in. While the details of the exploitation method haven’t been fully disclosed, the fact that a 15-year-old could exfiltrate 11.7 million records from a government agency handling some of the most sensitive identity documents in the country raises serious questions about the state of public sector cybersecurity in France — and elsewhere.

The silver lining is that biometric data and credentials reportedly weren’t compromised, limiting the immediate damage. But 11.7 million names, addresses, and dates of birth is a goldmine for phishing and social engineering campaigns. French citizens should expect a wave of highly targeted scams in the coming months. The ANTS breach joins a growing list of government agency compromises that suggest state-run digital identity systems need significantly more investment in security.