Light bulb Limited Spots Available: Secure Your Lifetime Subscription on Gumroad!

Apr 21, 2026 · 6 min read

France's Passport Agency Got Hacked—19 Million Citizens' Identity Records Are Now for Sale

A threat actor collective claims to have extracted up to 19 million records from France's national identity document portal, including names, birth details, addresses, and phone numbers. The government confirmed the breach five days after detection.

A European passport lying on a dark surface illuminated by the blue glow of a laptop screen displaying encrypted data, symbolizing the France ANTS identity document breach

What Happened

On April 15, 2026, France's Interior Ministry detected a security incident affecting the National Agency for Secure Documents (ANTS). The ANTS portal at ants.gouv.fr is the single government system that processes applications for passports, national identity cards, residence permits, and driver's licenses for every person in France.

Five days later, on April 20, the ministry publicly acknowledged the attack. The compromised data includes login credentials, full names, email addresses, dates of birth, unique account identifiers, postal addresses, places of birth, and phone numbers. That is essentially everything a person submits when applying for a government identity document, except the document scans themselves.

The ministry clarified that "the leaked information does not include documents uploaded during administrative procedures, such as attachments submitted as part of applications." But what was taken is arguably more dangerous than the documents themselves.

The Data Is Already Listed for Sale

A threat actor collective operating under the aliases "breach3d" and "ExtaseHunters" posted a listing on a monitored hacker forum claiming to have extracted 18 to 19 million records from the ANTS database. The dataset allegedly includes full names, emails, phone numbers, birth details, addresses, and account metadata.

France's government has not confirmed that figure. But the ANTS portal serves the entire population. France has approximately 68 million residents, and anyone who has applied for an identity document, renewed a passport, or obtained a driver's license through the portal in recent years could be affected.

Why Government Identity Data Is Uniquely Dangerous

Most data breaches expose information that people enter voluntarily: email addresses, shipping addresses, payment details. The ANTS data is different. This is government verified identity information, the exact data used to issue passports and national ID cards.

For identity thieves, government verified data is the gold standard. A name and email pair from a retail breach might be worth a few cents. A name, date of birth, place of birth, address, and government account ID from a passport agency is worth far more. It is the foundation for synthetic identity creation, targeted social engineering, and in the worst case, document fraud. When Eurail lost 300,000 travelers' passport numbers earlier this month, the scale was alarming. The ANTS breach dwarfs it by a factor of sixty.

The combination of birth details and addresses is particularly dangerous. Unlike a password, you cannot change your date or place of birth. Unlike a credit card number, these details do not expire. Once this data is out, it stays useful to criminals indefinitely.

France Is Under Siege: Three Government Breaches in Three Months

The ANTS breach is not isolated. France has been hit by a wave of government database compromises in 2026, and cybersecurity researchers have described the situation as "operationally paralyzed," with 58 cyber incidents hitting French institutions this year alone.

  • February 2026: Hackers breached France's National Bank Accounts File (FICOBA), a database recording every bank account in the country, exposing data linked to approximately 1.2 million accounts. The attacker impersonated a civil servant to gain access.
  • March 2026: A breach at the Education Ministry's Compas HR system exposed home addresses, phone numbers, and absence records of 243,000 teachers and staff. A separate attack targeted the student account management system linked to EduConnect.
  • April 2026: The ANTS breach, potentially the largest of the three, with up to 19 million citizens affected.

The pattern reveals a systemic problem. Attackers are not going after the most visible government systems. They are probing less visible portals, HR tools, administrative databases, and document processing systems, that hold massive volumes of personal data but lack the security investment of higher profile infrastructure.

The Phishing Wave That Follows Every Government Breach

When attackers steal data from a government identity portal, the breach itself is only the first phase. The real damage arrives in the weeks that follow, when the stolen data fuels a wave of targeted phishing. We have already seen how attackers abuse legitimate notification systems to deliver phishing that passes every spam filter. With ANTS data in hand, the next wave of phishing will be even harder to detect.

With access to names, email addresses, dates of birth, and government account identifiers, attackers can craft emails that look indistinguishable from real ANTS correspondence. "Your passport renewal requires additional verification." "Your driver's license application has been flagged." "Please log in to confirm your identity." Every one of these is far more convincing when it includes your real name, your real date of birth, and your real ANTS account number.

The French Interior Ministry has explicitly warned affected users to watch for phishing attempts referencing passport applications, ID card renewals, or driver's license processing.

What Affected Users Should Do

French authorities filed a criminal complaint with the Paris prosecutor and reported the incident to the data protection authority (CNIL). ANTS says it will contact individuals whose data was compromised. In the meantime, anyone who has used the ants.gouv.fr portal should take these steps:

  • Change your ANTS password immediately and any other accounts using the same email and password combination.
  • Treat every government email with suspicion for the foreseeable future. Do not click links in emails claiming to be from ANTS, the Interior Ministry, or any French government agency. Navigate directly to the official website instead.
  • Enable two factor authentication on every account that supports it, starting with email. Your email address is the recovery mechanism for almost everything else. If an attacker compromises your inbox using credentials from this breach, they can reset passwords across your entire digital life.
  • Monitor for identity fraud. Check bank statements, government correspondence, and credit reports for unauthorized activity. The stolen data includes enough information to open accounts or file applications in your name.

The Centralization Problem

The ANTS breach highlights a fundamental tension in digital government. Centralizing identity services into a single portal is convenient for citizens and efficient for the state. It also means a single breach can compromise a significant fraction of the entire population at once.

France is not alone in this trade off. Every country building digital identity infrastructure faces the same risk. The question is not whether centralized systems will be targeted, but whether the security investment matches the value of what they hold. When a portal managing 19 million identity records can be breached and the data listed for sale within days, the answer is clearly no.

Stop Email Tracking in Gmail

Spy pixels track when you open emails, where you are, and what device you use. Gblock blocks them automatically.

Try Gblock Free for 30 Days

No credit card required. Works with Chrome, Edge, Brave, and Arc.