
French ID Agency ANTS Confirms Data Breach, Hacker Claims 19 Million Records Stolen

France’s ANTS agency confirmed a breach affecting identity‑document data; a hacker claims to have 19 million records containing names, birth dates, addresses and phone numbers.

Peter Olaleru/3 min/US

Cybersecurity Editor


Source: TechCrunch

TL;DR: France’s ANTS agency confirmed a breach of its identity‑document systems on Wednesday, exposing personal details such as names, birth dates and contact information. A hacker later claimed on a forum to hold 19 million records from the incident.

Context

ANTS, the national body that issues French passports, national IDs and immigration documents, detected the intrusion on April 15 and disclosed it publicly on April 20. The agency said the compromised data could include full names, dates and places of birth, mailing and email addresses, and phone numbers for an undisclosed number of citizens. Investigators are still determining how attackers gained access and what volume of records was actually taken.

Key Facts

- ANTS confirmed the breach affects its identity‑document management platform.
- Exposed data types: name, birth date and place, mailing address, email address, phone number.
- A threat actor posted on a hacking forum asserting possession of a database with 19 million records matching the described data set.
- ANTS has not disclosed the attack vector, but the timeline suggests the compromise began before the April 15 detection date.

What It Means

The stolen information enables identity‑theft campaigns, phishing, and social‑engineering attacks against French residents. Because the data includes core identity elements, attackers can forge documents or bypass knowledge‑based authentication. The unverified claim of 19 million records, if accurate, would represent roughly one‑third of France’s population, amplifying potential harm.

What Defenders Should Do

- Review and harden public‑facing ANTS web applications; apply the latest security patches from vendors.
- Enforce multi‑factor authentication on privileged accounts and monitor for anomalous login attempts (MITRE ATT&CK T1078 – Valid Accounts).
- Deploy network‑level detection for large outbound transfers or unusual database queries (MITRE ATT&CK T1041 – Exfiltration Over Command‑and‑Control Channel).
- Implement file‑integrity monitoring on databases containing citizen data and alert on unexpected read‑access spikes.
- Conduct a thorough credential‑reset for any accounts that may have been compromised and enforce least‑privilege access controls.

Watch for ANTS’ forthcoming technical advisory, which will detail the exploited vulnerability and provide specific Indicators of Compromise for defenders to block.
