Hacker Claims 19 Million French ID Records Stolen in ANTS Breach

ANTS detected a breach on April 15; a hacker claims 19 million ID records for sale. See facts, impact and defender actions.

Peter Olaleru/3 min/US

Cybersecurity Editor

Source: Malaysia

France’s Agence nationale des titres sécurisés (ANTS) discovered a data breach on April 15, and a threat actor claimed responsibility on April 16, saying they possess up to 19 million personal records. The leaked information does not grant portal access but could fuel phishing or identity‑theft attempts.

Context

ANTS manages France’s national identification documents, including driver’s licenses, ID cards, passports and immigration papers. On April 15 the agency’s security team detected unauthorized access to a database containing personal data. The following day a message appeared on an underground forum where the actor asserted they had exfiltrated up to 19 million records and were offering them for sale.

Key Facts

- Detection date: April 15, 2025.
- Claim date: April 16, 2025.
- Alleged volume: up to 19 million records.
- Data types exposed: full names, email addresses, dates of birth, account identifiers, login IDs, phone numbers and mailing addresses.
- ANTS confirmed the breach did not allow login to its public portals.
- No evidence of widespread public leakage has been observed yet.

What It Means

The exposed details are sufficient for credential‑stuffing, targeted phishing and synthetic identity fraud. While the breach did not compromise ANTS authentication systems, the data could be used to craft convincing messages that trick recipients into revealing additional credentials or installing malware. Organizations that interact with French citizens should treat any unsolicited communication purporting to be from ANTS as suspicious until verified.

What Defenders Should Do

- Reset passwords for any accounts that may have used the exposed email addresses and enable multi‑factor authentication where possible.
- Monitor authentication logs for anomalous login attempts, especially from unfamiliar geographies or IP ranges.
- Deploy email security controls that flag messages impersonating ANTS domains and educate users about phishing indicators.
- Check threat‑intelligence feeds and dark‑web markets for mentions of the claimed 19 million‑record dump.
- Apply the latest security patches to any systems that interface with ANTS services, referencing ANTS advisories and relevant CVEs (e.g., CVE‑2024‑XXXX if disclosed).
- Implement network segmentation to limit lateral movement should credentials be compromised.
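The log-monitoring step above, as an added example that is not part of the original article: a sliding-window check that flags a source IP failing logins against many distinct login IDs, reports any success that follows, and marks sources outside known networks. The event format, thresholds, addresses and the `KNOWN_NETS` list are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, login ID, outcome).
# IPs are RFC 5737 documentation addresses; login IDs are made up.
SAMPLE_EVENTS = [
    ("2025-04-17T08:00:01", "203.0.113.7", "alice@example.fr", "fail"),
    ("2025-04-17T08:00:03", "203.0.113.7", "bruno@example.fr", "fail"),
    ("2025-04-17T08:00:05", "203.0.113.7", "chloe@example.fr", "fail"),
    ("2025-04-17T08:00:09", "203.0.113.7", "david@example.fr", "success"),
    ("2025-04-17T08:10:00", "198.51.100.20", "emma@example.fr", "fail"),
    ("2025-04-17T08:10:30", "198.51.100.20", "emma@example.fr", "success"),
]
# Assumption: the organization's usual client networks (constructed).
KNOWN_NETS = [ipaddress.ip_network("198.51.100.0/24")]

def detect_stuffing(events, known_nets=KNOWN_NETS,
                    window=timedelta(minutes=5), min_accounts=3):
    """Flag source IPs whose failed logins hit >= min_accounts distinct
    login IDs within `window`; report successes that follow the burst."""
    by_ip = defaultdict(list)
    for ts, ip, user, outcome in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user.lower(), outcome))

    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        fails = [(t, u) for t, u, o in rows if o == "fail"]
        start, hit = 0, None
        for end, (t_end, _) in enumerate(fails):
            while t_end - fails[start][0] > window:  # slide window forward
                start += 1
            accounts = {u for _, u in fails[start:end + 1]}
            if len(accounts) >= min_accounts:
                hit = (fails[start][0], accounts)
                break
        if hit is None:
            continue
        burst_start, accounts = hit
        addr = ipaddress.ip_address(ip)
        findings[ip] = {
            "targeted": sorted(accounts),
            # A success after the burst began suggests a reused password worked.
            "follow_up_success": sorted({u for t, u, o in rows
                                         if o == "success" and t >= burst_start}),
            "unfamiliar_source": not any(addr in net for net in known_nets),
        }
    return findings
```

Accounts listed under `follow_up_success` are the ones to prioritize for the password reset and multi‑factor enrollment in the first item of the list.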

Watch for any appearance of the data on underground markets and follow‑up advisories from ANTS regarding further mitigation steps.
