France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data.
Also known as Agence nationale des titres sécurisés (ANTS), the administrative body operates under the French Ministry of the Interior, serving as the managing authority for official identity and registration documents in France. This includes driver’s licenses, national ID cards, passports, and immigration documents.
According to an announcement the agency published yesterday, the attack occurred last week, and while the investigation is still ongoing, several data types for an undisclosed number of individuals may have been exposed.
“On Wednesday, April 15, 2026, the National Agency for Secure Documents (ANTS) detected a security incident that may involve the disclosure of data from individual and professional accounts on the ants.gouv.fr portal,” reads ANTS’s announcement.
The types of data that may have been exposed are:
- Login ID
- Full name
- Email address
- Date of birth
- Unique account identifier
- Postal address (for some)
- Place of birth (for some)
- Phone number (for some)
ANTS stated that it is currently in the process of notifying those identified as impacted.
The agency noted that the exposed information does not allow unauthorized access to its electronic portals. However, the same data can be used in phishing and social engineering attacks.
“No action is required from users. However, they are advised to remain highly vigilant regarding any suspicious or unusual messages they may receive (SMS, phone calls, emails, etc.) that appear to come from ANTS,” the agency warned.
ANTS has notified the data protection authority (CNIL), the Paris Public Prosecutor, and has also involved the national cybersecurity agency (ANSSI) in the response effort. The agency warned that the sale or dissemination of the data is illegal.
19 million records claimed stolen
On April 16, a threat actor using the moniker ‘breach3d’ claimed the attack on hacker forums claimed the attack on ANTS, alleging to be holding up to 19 million records.
The threat actor claims that the stolen data contains full names, contact details, birth data, home addresses, account metadata, and gender and civil status.
The data has been offered for sale for an undisclosed amount, so it has not been broadly leaked yet.
ANTS saus that user do not need to take any action but recommends exercising “extreme caution” about suspicious or unusual communication over SMS, voice, and emails appearing to come from the agency.
BleepingComputer has contacted ANTS to ask about the threat actor’s allegations, but we have not received a response as of publishing.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
