French gov’t confirms hack of at least 18M records from ID document database

France’s government has confirmed that a database storing records of identity documents suffered a breach of millions of entries containing identity data.

The hack of France Titres’ infrastructure led to the theft of between 18 and 19 million records associated with identity credentials like biometric passports, national ID cards and driver’s licenses. The quantity of records covers about a third of France’s adult population.

Hackers known as “breach3d” and “ExtaseHunters” posted claims of the breach and offers to sell the records to a hacker forum, stating the stolen records come from a new breach, Cybernews reports. The records include full names, email addresses, dates of birth and each account’s unique identifier. Some also included home addresses and phone numbers.

France Titres confirmed last week that it had reported the incident to the CNIL, France’s data protection authority. The official letter warns of an increased risk of phishing and fraud attacks.

The information is not enough to allow access to the ants.gouv.fr portal it was stolen from, the agency says.

France Titres is also known as the National Agency for Secure Titles (ANTS), under which name it declined to confirm a reported breach of between 12 and 13 million ID records in September of 2025.

The timing of the latest breach could hardly be worse, however, as the country convened dozens of organizations to collaborate on launching its implementation of the EU Digital Identity (EUDI) Wallet earlier this year ahead of a planned 2027 launch.

National cybersecurity authority ANSSI is now investigating the incident.

Article Topics

cybersecurity  |  data privacy  |  data protection  |  France  |  fraud prevention  |  hacking  |  identity document