A hacker’s bold claim of swiping 19 million records from France’s core identity management system has forced the government to confirm one of its biggest data exposures yet. The Agence Nationale des Titres Sécurisés, or ANTS—recently rebranded as France Titres—detected the intrusion on April 15, 2026. Five days later, it posted an official notice on its site. Personal details from user accounts on ants.gouv.fr poured out: login IDs, full names, email addresses, dates and places of birth, unique account numbers, postal addresses, phone numbers. Not the scanned documents or biometrics, though. Those stayed safe.
France Titres handles passports, national ID cards, driver’s licenses, vehicle registrations, immigration papers. Millions rely on its portal daily. A breach here doesn’t just leak data. It hands criminals the keys to impersonate citizens at scale.
The hacker, going by ‘breach3d’ or ‘ExtaseHunters,’ beat officials to the punch. On April 16, the day after detection, this actor advertised the loot on underground forums. Up to 19 million records, they boasted—roughly a third of France’s population. Full names. Contacts. Birth info. Addresses. Account metadata. Gender. Civil status. Bleeping Computer first flagged the post. Cybernews researchers vetted a sample of 98 records. Fresh data. Different format from old leaks. No aggregation of prior dumps, they concluded. A real, new hit.
Officials stayed mum on numbers at first. Their April 20 announcement dodged specifics. ‘On Wednesday, April 15, 2026, the National Agency for Secure Documents (ANTS) detected a security incident that may involve the disclosure of data from individual and professional accounts on the ants.gouv.fr portal,’ it read, per the official page at ants.gouv.fr. Investigations ongoing. Affected users getting personal notices. No account takeovers possible from this data alone, they stressed. But phishing? Identity theft? Wide open.
By April 23, reports pegged the scope at 12 million accounts. ID Tech Wire cited the Interior Ministry. That’s still massive. The ministry confirmed the incident affected the portal run by France Titres, as detailed by The Register. Teams from ANTS, plus national cyber agency ANSSI, dug in right away. Security patches rolled out. Services kept running.
Response kicked into gear fast. Breach reported to CNIL under GDPR Article 33. Criminal complaint filed with Paris prosecutors under Article 40 of the criminal procedure code. Users urged vigilance: watch for fake SMS, calls, emails mimicking ANTS. ‘We recommend that they exercise the utmost vigilance regarding any suspicious or unusual messages,’ the notice warned. Selling the data? Illegal, full stop.
And this isn’t isolated. France’s public sector bleeds from repeated hits. Just before, Education Ministry systems cracked via staff impersonation, hitting the ÉduConnect student platform. Earlier, the national bank registry spilled 1.2 million accounts. Now ANTS. Pattern clear. State databases make prime targets. Attackers probe for weak spots—old software, poor access controls, insider slips.
Experts see phishing storms brewing. Armed with names, emails, phones, crooks craft hyper-personalized lures. ‘Even national identity systems are soft targets,’ noted cybersecurity analyst Vivek on X. Exposure fuels fraud, not direct logins. But pair it with social engineering? Devastating. Cybernews highlighted risks: social engineering, user profiling for bigger attacks. ANTS’s own letter nods to this, even as it oddly suggests clicking a notification link—prime phishing bait if cloned.
France Titres insists no passwords or uploads compromised. Good. But the damage lingers. Citizens now prime for scams. Businesses tied to ID verification—banks, telcos, employers—face spikes in fraud attempts. Regulators push harder on MFA, zero-trust models. Yet governments lag. Centralizing citizen data invites these jackpots.
So what next? Investigations grind on. No attribution yet—no nation-state fingerprints, no ransomware gang signature. Just a forum post and samples. Hackers demand undisclosed sums. Data not leaked free, so far. But sales mean wider spread. French authorities notified affected parties. Public alerts ramp up. ANSSI coordinates defenses.
Breaches like this test national resilience. France joins a list: U.S. OPM’s 2015 mega-leak, Australia’s 2022 Medicare dump. Each exposes how identity pillars crumble under digital strain. Officials promise fixes. Users brace. And hackers shop.
Scale here stuns. 12 to 19 million. One portal. Core to daily life. France’s response—transparent notice, quick reports, user warnings—sets a bar. But prevention? That’s the gap. As probes continue, one fact stands. Trust in digital IDs just took a hit.


WebProNews is an iEntry Publication