More than a million people in France hit by bank account data breach
Account holders advised to check direct debits after cyberattack on national bank account register
French authorities are to contact more than one million bank account holders in France after their details were illegally accessed.
The breach has prompted renewed warnings about regularly checking account information, as stolen data could be used to set up fake direct debits.
The French Finance Ministry confirmed that an ‘acteur malveillant’ (malicious third-party) had accessed the national bank account registry (fichier national des comptes bancaires or FICOBA) at the end of January and had maintained access for several days.
In that time, they gained access to information of around 1.2 million active bank accounts.
The hacker or hackers – the ministry has not confirmed who is behind the breach – were able to access the data by posing as a civil servant with access to the files.
FICOBA lists all bank accounts held in France – some 300 million – as well as personal details about the account holders.
Data that has been compromised includes account details (RIB/IBAN), the account holder's identity, address, and, in some cases, the user's tax identification number, said the ministry.
The account holder’s date and place of birth are also listed in the compromised information, added the French Banking Federation.
Risk of direct debit transactions
The ministry advises account holders across France to keep a close eye on their accounts, including outgoing transactions.
Holders of accounts that were compromised will be personally informed in the coming days.
They will receive individual notifications alerting them that access to their data may have been detected, the ministry said, but did not explain how this would be done.
“As soon as this incident was detected, immediate access restriction measures were implemented to stop the attack, limit the amount of data accessed and extracted from this database… and prevent any further unauthorised access,” it said.
FICOBA “does not allow access to bank account balances, let alone transactions,” it added, but users should remain vigilant.
While the information taken from the FICOBA breach is not enough to make payments directly through an associated card or bank transfer, it may be used to set up direct debits.
Fraudsters who have registered as direct debit issuers with certain service providers can fraudulently set up and collect funds via stolen IBANs, or set up services for themselves paid for with a compromised IBAN.
Account holders informed that their details were compromised should therefore check all direct debits associated with their account.
Regularly check accounts
The breach is the latest in a number of cybersecurity attacks in France, both against the state and private companies.
The French Banking Federation has urged all account holders – not just those affected by the breach – to maintain best practices around data protection.
All account holders should regularly check their account to detect any incident or anomaly, at least once per week, including transactions from the account and direct debits, it says.
“Regularly check and update the list of authorised and blocked creditors in your online banking area, carefully and regularly monitor direct debit transactions debited from your account,” it recommends.
In case of fraud, clients should dispute the transaction immediately with their bank.
Refunds for direct debits are unconditional within eight weeks, regardless of whether or not a direct debit mandate exists, it said.
Finally, the Federation reiterates general cybersecurity advice in the light of potential phishing scams associated with breached bank information.
Banks will never ask for personal information such as account codes or passwords, either over the phone or in person. If in doubt that an incoming call from your bank is legitimate, hang up and call the bank back.
The recent incident has been reported to France’s Commission for Civil Liberties (CNIL), and the national cybersecurity agency (ANSSI) and public finance (DGFiP) authorities will look to strengthen the FICOBA IT systems.