Cyberattack against the ANTS: the data of 20 million French people potentially compromised – Interview

3 min read Original article ↗

The National Agency for Secure Documents, which manages procedures related to identity cards, passports, driver's licenses, and vehicle registration certificates, has detected a security incident that may have resulted in the disclosure of personal data. The information was made public by the Ministry of the Interior. 

Both personal and business accounts are affected.

According to the ministry, the incident could involve data from personal and business accounts. Users identified as affected are receiving personalized notification.

For personal accounts, the potentially compromised data at this stage consists of identifying information: login ID, title, surname, first names, email address, date of birth, and unique account identifier. The ministry adds that other information, not always present in accounts, could also be affected, such as postal address, place of birth, and telephone number. 

The ministry clarifies that the disclosure does not concern additional data submitted during administrative procedures, including attachments. It also asserts that the data mentioned does not, on its own, allow unauthorized access to the portal account. 

20 million French people affected?

At this stage, no exact number of accounts or people affected have been officially confirmed by the ministry. But around 20 million French people could have been impacted by this hack.

The Ministry of the Interior indicates that a report has been sent to the Public Prosecutor of Paris, pursuant to Article 40 of the Code of Criminal Procedure, with a view to opening an investigation. It also specifies that enhanced security measures have been implemented to ensure continuity of service and data protection. 

What are the risks for the people involved?

A personal data breach can expose affected individuals to targeted phishing attacks, scams, identity theft, or account hacking attempts. If exposed, it is advisable to check with the relevant service to determine which data may have been compromised and to strengthen account security. 

What the legal framework provides

The CNIL (French Data Protection Authority) reiterates that a personal data breach includes, in particular, unauthorized disclosure of or access to data. The GDPR requires organizations to prevent such breaches, to stop them when they occur, and, where applicable, to notify the CNIL and the individuals concerned. 

This hacking is unfortunately not the first of its kind. In its 2024 annual report, the CNIL indicates that it received 5,629 notifications of data breaches, 20% more than in 2023, with an increase in very large-scale incidents sometimes affecting more than a million people. 

Jérôme Goulon, Editor-in-Chief Interview

Jérôme Goulon joined the editorial team of Entrevue in 1999 as an intern before becoming editor-in-chief in 2014. He headed the reporting department and carried out major investigations using hidden cameras and undercover. Passionate about media, current affairs and sports (he was in charge of weekend football on the Europe 1 website from 1999 to 2001), he has published numerous exclusive interviews. At the same time, he has appeared regularly on television since 2007 on various channels (TF1, France 3, M6, C8, NRJ 12, RMC Story), notably on the sets of Jean-Marc Morandini and Cyril Hanouna. He has also been a columnist for Non Stop people (Canal+ group) and on Radio J. 

See all articles by Jérôme Goulon