French National Bank Registry Breach Exposes Data Linked to 1.2 Million Accounts

What happened

The French Ministry of Finance disclosed a breach of the national bank account registry FICOBA, where hackers accessed and stole sensitive data associated with approximately 1.2 million accounts after using credentials stolen from a civil servant. The exposed database contained bank account identifiers such as IBANs, account holder identities, physical addresses, and, in some cases, taxpayer identification numbers. The compromised credentials provided access through the government’s interministerial information sharing platform, allowing attackers to extract part of the registry database before authorities detected and blocked the intrusion. The system remains partially offline as officials work with the National Cybersecurity Agency of France (ANSSI) to restore operations and strengthen security. 

Who is affected

Individuals whose bank account information is recorded in the FICOBA registry, which tracks bank accounts held at French financial institutions, are affected, as personal and financial identifiers associated with their accounts were exposed. 

Why CISOs should care

The breach highlights the risks associated with centralized financial registries and government data platforms, where compromised credentials can allow attackers to access sensitive banking and identity information at large scale. 

3 practical actions

• Revoke compromised credentials immediately. Authorities restricted access after detecting unauthorized use of a civil servant’s credentials. 
• Notify affected users and financial institutions. The French Ministry of Finance began notifying impacted individuals and coordinating with banks. 
• Strengthen system security controls. Officials are working with national cybersecurity authorities to enhance registry protections.