A hacker breached France’s national bank account registry in January, accessing personal data from 1.2 million accounts using stolen government credentials. French authorities confirmed that a “malicious actor” illegally accessed the FICOBA database by impersonating a civil servant whose credentials allowed access for interministerial information exchanges.
The database lists all bank accounts opened in French banking institutions and contains account numbers, names, addresses and, in some cases, tax identification numbers. FICOBA holds data on more than 80 million individuals according to France’s data protection authority CNIL, but the breach impacted 1.2 million of the 300 million total account records stored in the system.
Three Weeks from Breach to Detection
The malicious activity began in late January and was detected internally, triggering measures that limited the amount of exposed data, according to France’s Directorate General of Public Finances. Authorities detected and contained the breach by mid-February, giving the attacker roughly three weeks inside the system.
This follows a pattern. In December 2025, hackers breached the French Interior Ministry after employees shared passwords in plaintext emails, accessing internal email servers and criminal record files. In the same month as the FICOBA incident, hackers breached the Ministry of the Interior, claiming access to data on more than 16 million citizens, also through stolen login credentials. The repeated credential theft across French government systems points to a fundamental access control problem rather than isolated incidents.
The Financial Risk Is Real Despite No Account Access
French authorities and the French Banking Federation confirmed that the stolen information would not allow threat actors to check account balances or initiate direct transactions. That reassurance misses the practical threat.
The data could enable fraudsters posing as legitimate creditors to request direct debit payments, provided they register with a payment service provider as authorized debit issuers and forge debit mandates typically used for utility bills or loan repayments. Fraudsters can also subscribe to services that would be paid for by debiting the illegally obtained IBAN.
The French Banking Federation urged customers to monitor their accounts closely because the breach included International Bank Account Numbers, which criminals can use to set up fraudulent direct debit mandates. FICOBA has warned that “numerous” scams are already in circulation following the data breach.
Single Point of Failure Exposed 80 Million Records
The breach demonstrates how government database design can amplify credential theft impact. Michael Jepson at CybaVerse noted that “if individual members of an organisation can access large volumes of sensitive data unilaterally, this creates a structural weakness where a single set of compromised credentials can lead to widespread data exposure”.
The attacker needed only one valid credential set to query 1.2 million records from a database containing information on 80 million French citizens. That level of access, granted to individual civil servants with no apparent technical controls to limit query scope or flag unusual activity, represents exactly the kind of cybersecurity theatre that makes government databases attractive targets.
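The missing control described above can be sketched as a per-credential lookup budget. This is an added example, not code from FICOBA, DGFiP or any source cited here; the thresholds, credential names and audit-log layout are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical policy values; derive real ones from the baseline of legitimate use.
WINDOW = timedelta(hours=24)
ALERT_AT = 200   # distinct records per credential per window: flag for review
BLOCK_AT = 500   # hard cap: refuse new records until a human approves


class LookupBudget:
    """Tracks the distinct records each credential has read in a rolling window."""

    def __init__(self, window=WINDOW, alert_at=ALERT_AT, block_at=BLOCK_AT):
        self.window, self.alert_at, self.block_at = window, alert_at, block_at
        self.events = defaultdict(deque)  # credential -> deque of (time, record_id)

    def check(self, credential, record_id, now):
        """Return 'allow', 'alert' or 'deny' for one lookup and record it."""
        q = self.events[credential]
        while q and now - q[0][0] > self.window:  # drop events older than the window
            q.popleft()
        seen = {rid for _, rid in q}
        if record_id not in seen and len(seen) >= self.block_at:
            return "deny"  # denied lookups are not added to the budget
        q.append((now, record_id))
        seen.add(record_id)
        return "alert" if len(seen) >= self.alert_at else "allow"


def replay(log, **policy):
    """Replay (timestamp, credential, record_id) events; count decisions per credential."""
    budget = LookupBudget(**policy)
    summary = defaultdict(lambda: {"allow": 0, "alert": 0, "deny": 0})
    for ts, cred, rid in log:
        summary[cred][budget.check(cred, rid, ts)] += 1
    return dict(summary)


def sample_log():
    # Constructed sample: one credential doing 40 lookups, another bulk-reading 1,000.
    start = datetime(2000, 1, 1, 9, 0)
    normal = [(start + timedelta(minutes=i), "clerk-a", f"acct-{i}") for i in range(40)]
    bulk = [(start + timedelta(seconds=i), "clerk-b", f"acct-{i}") for i in range(1000)]
    return sorted(normal + bulk)


if __name__ == "__main__":
    for cred, counts in sorted(replay(sample_log()).items()):
        print(cred, counts)
```

With a cap like this in place, one stolen credential exposes at most the block threshold per window, and the alert fires well before that point rather than weeks later.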
DGFiP confirmed that affected individuals will be notified directly and that banks have been alerted to warn customers about potential follow-on fraud and phishing attempts. Cybersecurity teams from the finance ministry and France’s national cybersecurity agency ANSSI are assisting with the investigation.