A cyberattack has struck France’s National Agency for Secure Documents (ANTS) website, potentially exposing personal data belonging to users who applied for identity cards, passports, residence permits, and driver’s licenses.
Authorities detected the security incident on April 15, warning that it may have resulted in the exposure of personal information linked to both individual and professional accounts using the ANTS online platform. The French Interior Ministry has confirmed the breach and is currently assessing its scope and impact.
“On Wednesday, April 15, 2026, the National Agency for Secure Documents (ANTS) identified a security incident that may have led to the disclosure of data associated with personal and professional user accounts on the ants.gouv.fr portal,” the agency stated in an official announcement.
Preliminary findings indicate that the compromised data may include login identifiers, names, email addresses, dates of birth, and internal account IDs. In some cases, additional information such as home addresses, places of birth, or phone numbers may also have been exposed. Authorities have begun notifying affected users. According to the breach notification, the incident did not involve uploaded documents and does not allow attackers to directly access user accounts.
The incident has been formally reported to France’s data protection authority (CNIL), and prosecutors as well as the national cybersecurity agency have been alerted. Government specialists have launched technical investigations to determine how the intrusion occurred and to evaluate the full extent of the exposure. Security measures have since been reinforced to safeguard the platform and its data.
At this time, users are not required to take specific action. However, authorities advise heightened vigilance for suspicious messages, phone calls, or emails that may attempt to leverage the breach for phishing or fraud.
Separately, a threat actor has claimed to be selling a large dataset allegedly stolen from ANTS, reportedly containing 18 to 19 million records. The dataset is said to include names, email addresses, phone numbers, birth details, postal addresses, and account‑related metadata.
If verified, such a data set could facilitate identity theft, fraud, and the creation of synthetic identities at scale, posing long‑term risks to affected individuals. Government identity systems are particularly attractive targets because the personal data they manage retains value for years. However, officials stress that the claims regarding the dataset remain unconfirmed and continue to be investigated.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
