France Titres Breach Exposes Up to 12 Million Government ID Records as Hacker Claims 19 Million Stolen

Overview

France’s national identity document authority, France Titres — the agency responsible for issuing passports, national ID cards, driver’s licenses, and residency permits — confirmed on April 22, 2026 that attackers breached its public-facing portal and stole personal data belonging to millions of citizens. The French Interior Ministry placed the official count at up to 11.7–12 million accounts, while the threat actor behind the intrusion claims a much larger haul of 18 to 19 million records, equivalent to nearly a third of France’s entire population.

What We Know

The breach was detected on April 15, 2026, when security monitoring at France Titres flagged abnormal activity on the ants.gouv.fr portal, according to BleepingComputer. A day later, a threat actor using the alias “breach3d” — also associated with the handle “ExtaseHunters” — advertised the stolen dataset for sale on underground hacking forums, prompting France Titres to accelerate its public disclosure, as TechCrunch reported.

The compromised data includes, according to the official ministerial statement cited by The Register: login credentials and unique account identifiers, full names, email addresses, dates of birth, and places of birth. For a subset of users, the stolen records also contain postal addresses, telephone numbers, gender, and civil status information. The Ministry of the Interior was explicit that the breach did not expose biometric data, passwords, or document attachments submitted during identity verification procedures — meaning scanned passport or ID card images were not part of the theft.

France Titres also stated, as noted by Help Net Security, that the exposed data “does not allow unauthorized access” to individual accounts on the ants.gouv.fr portal. Nonetheless, the agency warned affected users to expect a surge in social engineering attempts, advising vigilance toward any calls, SMS messages, or emails purportedly from France Titres or associated government services.

In line with GDPR obligations, the incident was formally notified to CNIL, France’s national data protection authority, under Article 33 of the regulation. The Ministry of the Interior simultaneously filed a criminal referral with the Paris Prosecutor under Article 40 of the Code of Criminal Procedure. ANSSI, France’s national cybersecurity agency, was also informed and began its own technical investigation, BleepingComputer reported.

The attack method has not been disclosed publicly. France Titres stated investigations to “determine precisely the origin and extent of the incident” are ongoing.

Context and Prior Incidents

This is not France’s first major breach of sensitive government data in recent months. Cegedim Santé’s March 2026 incident exposed 15.8 million French medical records, including clinical notes containing HIV status and sexual orientation data. Combined, the two breaches mean that sensitive personal records for potentially tens of millions of French citizens — encompassing both health history and legal identity — are now circulating in criminal markets.

The France Titres agency itself had already declined to confirm an earlier reported intrusion. According to Biometric Update, ANTS — France Titres’s previous name — declined to confirm a reported breach of 12 to 13 million ID records in September 2025. That context makes the current disclosure more consequential: the agency had apparently faced prior intrusion activity and may have underreacted before the breach became undeniable.

What We Don’t Know

Several critical details remain unresolved. No technical description of the attack vector has been released — it is not yet known whether attackers exploited a vulnerability in the ants.gouv.fr portal, used compromised credentials, or accessed a backend database through a separate entry point. The discrepancy between the official count (up to 12 million accounts) and the attacker’s claim (18–19 million records) has not been explained. It is possible the attacker’s dataset includes duplicate entries, records from the earlier September 2025 incident, or individuals who hold multiple documents managed by France Titres.

It is also unclear whether the stolen data has already been sold or whether it remains exclusively in the hands of “breach3d” and “ExtaseHunters.” As of the time of reporting, no broad public leak of the dataset had occurred — the data was being offered for sale at an undisclosed price rather than distributed freely.

Analysis

The France Titres breach matters beyond its raw size. France Titres is the central registry for the documents French citizens use to prove who they are: passports, national identity cards, driver’s licenses, and residency permits all flow through its systems. An attacker holding names, dates of birth, addresses, and account metadata for up to 12 million citizens possesses sufficient information to construct convincing phishing lures and to facilitate identity fraud and synthetic identity creation at scale.

The breach also arrives at an awkward moment for France’s digital identity ambitions. The country is scheduled to begin rolling out its EU Digital Identity Wallet implementation in 2027, according to Biometric Update. That project depends on public trust in the government’s capacity to protect identity credentials. A breach of the country’s existing identity infrastructure — at an agency described as handling “secure titles” — will complicate that trust-building exercise considerably.

For affected individuals, the immediate risk is phishing. Attackers with verified name-to-email-to-address combinations can craft highly targeted messages that appear to originate from legitimate French government sources, requesting document renewals, payments of fees, or credential re-verification. French authorities have directed citizens to the Info-Scams hotline (0 805 805 817) and the government assistance portal at cybermalveillance.gouv.fr for guidance.