A French government agency confirms the breach as cybercriminals offer to sell data

France Titres, the French government agency for issuing and managing administrative documents has disclosed a data breach after a threat actor sought to attack and steal citizens’ information.

Also known as the Agence nationale des titres sécurisés (ANTS), the regulatory body operates under the French Ministry of the Interior, acting as the authority in charge of official identity and registration documents in France. This includes driver’s licenses, national identity cards, passports, and immigration documents.

According to the organization’s announcement published yesterday, the attack took place last week, and while the investigation is ongoing, several types of data of an undisclosed number of people may have been exposed.

“On Wednesday, April 15, 2026, the National Agency for Secure Documents (ANTS) detected a security incident that may involve the disclosure of data from individual and professional accounts on the ants.gouv.fr portal,” reads the ANTS announcement.

The types of data that may be disclosed are:

• Login ID
• Full name
• Email address
• Birthday
• A unique account identifier
• Postal address (for others)
• Place of birth (for others)
• Phone number (for others)

ANTS said it is currently in the process of notifying those identified as affected.

The agency noted that the disclosed information does not allow unauthorized access to its electronic portals. However, the same data can be used in phishing and social engineering attacks.

“No action is required from users. However, they are advised to remain vigilant regarding any suspicious or unusual messages they may receive (SMS, calls, emails, etc.) that appear to be from ANTS,” the agency warned.

ANTS has notified the data protection authority (CNIL), the Public Prosecutor of Paris, and involved the national cybersecurity agency (ANSSI) in the response effort. The agency warned that selling or distributing the data is illegal.

19 million records allegedly stolen

On April 16, a threat actor using the moniker ‘breach3d’ claimed to have attacked hacker platforms and said it was an attack on ANTS, with the alleged seizure of up to 19 million records.

The threat actor says the stolen data includes full names, contact information, birth data, home addresses, account metadata, and gender and social status.

The data is offered for sale for an undisclosed amount, so it has not been widely leaked yet.

ANTS considers that the user does not need to take any action but recommends using “extreme vigilance” regarding suspicious or unusual communications via SMS, voice, and emails that appear to be from the agency.

BleepingComputer contacted ANTS to inquire about the alleged threat actor, but we have not received a response as of publication.