ANTS France data leak: up to 12 million people affected

The personal data of around 12 million people in France may have been compromised during a recent security breach of the ANTS website, the Interior Ministry has said. 

ANTS is used for many document requests and processes in France, including driving licences, passports, as well as ID and residency cards. 

The ministry announced earlier this week that a security breach had been identified at the official document agency (Agence nationale des titres sécurisés, known as ANTS or France Titres). 

In an update on Tuesday evening, it confirmed that data of around 12 million accounts may have been taken. Investigations into the matter are still ongoing.

Biometrics not taken but risks of phishing attempts

Information taken “appears to be identification data: login ID, title, full name, email address, date of birth, and unique account identifier,” the ministry said.

However, additional data such as attachments and biometric data - or passwords, are not thought to have been compromised at this stage.

“This stolen data does not allow unauthorised access to the individual account on the portal,” the ministry added.

Account holders who have had their data compromised will be contacted by ANTS. 

Regardless of whether or not you are contacted, residents across France are being warned over a heightened risk of scams following several recent major cyberattacks. 

While cyberattacks can sometimes be extremely malicious in nature – looking to access sensitive login areas or bank information – most of the time they look to extract information about account holders.

This can then be sold on the dark web to scammers, or used directly by the cybercriminals – and often forms part of a ‘phishing’ attempt. 

This will see fraudsters contact a person posing to be an authority figure from somewhere else – such as their bank or an official agency – and coercing them into making a payment or granting access to their bank account. They appear more genuine as they can cite some correct information (from the stolen data) about you. 

It means you should always be wary of anyone who calls claiming to be from an authority but is rushing or coercing you into doing something such as make a payment or give your details. 

Generally, you should hang up if you feel a call is suspicious, even if it came from an ‘official number’ (hackers can mask their numbers by using those of other companies).

Hang up, call the authority using the general customer service number and explain what happened. If the call was legitimate, you can continue the process. 

You should likewise be wary of any emails or texts informing you of any required payments or issues such as fines. 

Check the website URL or number to ensure it is legitimate, and never click directly on any links. Again, make contact yourself with the organisation to ensure it is legitimate. 

More advice is available in our article here.

Other tips

In the rare event that hackers gain direct access to an account – particularly your bank account – you should immediately gather as much evidence as possible that you have been a victim and that any actions carried out on this account were not by you. 

You have 13 months to dispute a transaction with your bank, and provided you did not willingly hand over your details (for example, as a victim of ‘phishing’), you should be reimbursed.

More information is available here. 

If you believe you are the victim of identity theft or fraud in any way related to a data leak, you can file a complaint at your local police station or with the gendarmerie. 

There is a free ‘Info-Scams’ hotline for people who are concerned they have been a victim of identity theft, available in French at 0 805 805 817.

The government also offers assistance via cybermalveillance.gouv.fr.