France's National Bank Registry Breached
The French Economy Ministry has confirmed that a hacker compromised credentials belonging to a single government official and used them to access FICOBA — France's centralized database of all bank accounts — consulting information on 1.2 million accounts since the end of January 2026.
FICOBA (Fichier des Comptes Bancaires et Assimilés) is maintained by French tax authorities and contains records for every bank account opened in France.
What Was Exposed
| Data Type | Risk Level |
|---|---|
| Account details (RIB/IBAN) | Critical |
| Account holder identity | Critical |
| Home addresses | High |
| Dates of birth | High |
| Place of birth | High |
| Tax identification numbers | Critical |
What Was NOT Accessed
- Account balances
- Transaction histories
- The ability to conduct transactions
How It Happened
The attack vector was credential theft — likely a social engineering or phishing attack targeting a single government official with FICOBA access privileges.
1. Attacker compromises government official's credentials
2. Authenticates to FICOBA using stolen credentials
3. Queries 1.2 million bank account records over ~3 weeks
4. Exfiltrates account holder identity, IBAN, and tax data
5. Ministry detects unauthorized access pattern
6. Access terminated and investigation launched

The fact that a single set of credentials provided access to 1.2 million records raises serious questions about:
- Access controls — Why could one account query this volume of data?
- Rate limiting — Why weren't mass queries flagged?
- Multi-factor authentication — Was MFA enforced for FICOBA access?
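
The rate-limiting question above can be made concrete with a small detection sketch. This is an added example, not code from the ministry or the cited sources: the audit-log format, user names and both thresholds are assumptions, and the log rows are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

def build_sample_log():
    """Constructed audit rows (day, user, record_id); the format is hypothetical."""
    rows, start = [], date(2026, 1, 26)
    for d in range(21):
        day = (start + timedelta(days=d)).isoformat()
        # agent_a: ordinary casework, 10 lookups a day over a small set of files
        rows += [(day, "agent_a", f"acct-{(d * 3 + i) % 40}") for i in range(10)]
        # agent_b: 45 never-seen-before records a day, just under the daily cap
        rows += [(day, "agent_b", f"acct-{1000 + d * 45 + i}") for i in range(45)]
    # agent_c: one noisy burst of 80 records on the first day
    rows += [(start.isoformat(), "agent_c", f"acct-{9000 + i}") for i in range(80)]
    return rows

def detect_bulk_access(rows, daily_cap=50, window_days=7, window_cap=200):
    """Flag users whose distinct-record count exceeds a daily or rolling cap.

    The caps are illustrative assumptions, to be tuned per role baseline.
    Returns {user: [(day, rule, distinct_records), ...]} in date order.
    """
    seen = defaultdict(lambda: defaultdict(set))  # user -> day -> record ids
    for day, user, record in rows:
        seen[user][date.fromisoformat(day)].add(record)
    alerts = defaultdict(list)
    for user, days in seen.items():
        for day in sorted(days):
            if len(days[day]) > daily_cap:
                alerts[user].append((day.isoformat(), "daily", len(days[day])))
            # Union over the trailing window catches slow, steady enumeration.
            window = set()
            for back in range(window_days):
                window |= days.get(day - timedelta(days=back), set())
            if len(window) > window_cap:
                alerts[user].append((day.isoformat(), "rolling", len(window)))
    return dict(alerts)

if __name__ == "__main__":
    for user, hits in detect_bulk_access(build_sample_log()).items():
        print(user, hits[0], f"({len(hits)} alerts)")
```

In the constructed data, agent_b never exceeds the daily cap, yet the rolling count of distinct records flags the account on its fifth day, which is the pattern a multi-week enumeration produces.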
Scale and Impact
With 1.2 million accounts exposed, the breach affects roughly 1 in 55 French residents. The combination of IBANs, full identities, and tax IDs creates a potent toolkit for:
- SEPA direct debit fraud — IBANs can be used for unauthorized direct debits across the EU
- Identity theft — Full identity details enable opening accounts in victims' names
- Targeted phishing — Attackers can craft highly convincing bank impersonation emails
- Tax fraud — Tax identification numbers enable filing fraudulent tax returns
Government Response
French authorities are calling for calm while warning that stolen data could be weaponized:
- All 1.2 million affected account holders will be notified in the coming days
- The French Economy Ministry has launched a formal investigation
- Security review of FICOBA access controls is underway
- Affected individuals are being advised to monitor bank accounts closely
Recommendations for Affected Individuals
- Monitor bank accounts — Watch for unauthorized direct debits referencing your IBAN
- Contact your bank — Request enhanced fraud monitoring
- Be vigilant against phishing — Expect scam emails impersonating your bank or tax authority
- File a complaint — Report to CNIL (France's data protection authority) if you receive a notification
- Monitor tax filings — Watch for unauthorized tax return filings using your tax ID
A single compromised credential providing access to a national banking registry underscores why privileged access management and monitoring are non-negotiable for government databases.
Sources
- Cybernews — France Bank Accounts Breach via FICOBA
- SecurityWeek — French Government Says 1.2 Million Bank Accounts Exposed
- Security Affairs — French Ministry Confirms Data Access to 1.2M Bank Accounts