French Government Discloses Major National Bank Account Registry Breach
Published
Key Takeaways
- Data Exposure: A data breach at France’s Ministry of Economy has exposed information related to 1.2 million bank accounts.
- Stolen Credentials: The incident occurred after a threat actor used stolen credentials belonging to an official to access the national bank account registry, FICOBA.
- Compromised Information: Exposed data includes account holder names, IBANs, addresses, and some tax identifiers.
The French national bank account registry, known as FICOBA, suffered a data breach, the French Ministry of Economy has disclosed. Unauthorized access to the database was gained in late January after an attacker successfully utilized stolen credentials belonging to a government official.
The attacker's access has since been terminated, and an investigation is underway.
Scope of the French Bank Account Breach
The FICOBA database breach compromised personally identifiable information linked to approximately 1.2 million bank accounts in France. While government officials have stated that the attacker could not conduct banking operations or view account balances with the stolen data, the details are sufficient to facilitate phishing campaigns and other scams:
- Bank details (RIB / IBAN),
- Holder identity,
- Address,
- In some cases, the user's tax identifier.
A malicious actor used stolen “credentials of an official with access within the framework of the exchange of information between ministries” to consult part of a file listing all bank accounts opened at French banking establishments, the press release mentioned.
Authorities are notifying all affected individuals and a formal complaint has been filed.
Cybersecurity in Finance and Data Protection
The incident underscores the risks of single-factor authentication for accessing highly sensitive systems, as the use of stolen credentials to access sensitive databases is a common practice among threat actors.
- Not replying directly to suspicious emails or SMSs, for both individuals and businesses.
- Contacting the tax office directly through the secure messaging system in your online account or by phone to verify the authenticity of the message, even if the sender appears to be from the DGFiP (French Public Finances Directorate).
- Keeping all evidence (messages, website addresses, screenshots, etc.) if you suspect fraudulent use of your personal data.
This month, security researchers reported that SystemBC infections exceeded 10,000, including systems linked to government hosting, and hackers were observed exploiting Ivanti zero-day vulnerabilities in global cyberattacks, breaching the Dutch government and possibly the European Commission.
In January, the U.K. government admitted its cyber resilience strategy had faults and proposed a new action plan, and a cybersecurity report noted that dozens of global companies in aviation, defense, engineering, and more were breached via infostealer credentials.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular