12 million people in the ANTS data leak
France Titres (ANTS), the French government agency issuing secure identity documents, disclosed a breach of its moncompte.ants.gouv.fr portal via an IDOR API flaw; officials confirmed 11.7 million accounts exposed (names, dates of birth, emails, addresses), while a hacker claimed up to 19 million records.
- Victim
- ANTS (France titres)
- records
- 11.7M
On 20 April 2026, ANTS (France Titres) β the French national agency that issues secure identity documents such as passports, national ID cards, driving licences and vehicle registration certificates β confirmed a large-scale leak of personal data from its online account portal, moncompte.ants.gouv.fr. The intrusion was detected on 15 April and disclosed in the days that followed, with the Interior Ministry confirming the scale on 20 April.
Security researchers attributed the breach to an Insecure Direct Object Reference (IDOR) vulnerability in the portal's API: by altering a single identifier in a request, an attacker could iterate through and pull data belonging to other users. The day after detection, a threat actor using the alias "breach3d" advertised the stolen dataset for sale on a criminal forum, claiming up to 18β19 million records β though the Interior Ministry put the official figure at 11.7 million affected accounts.
The exposed data included:
- Login identifier, civility/gender and account identifier
- Full name, date of birth and place of birth
- Email address, postal address and phone number
Scanned identity documents and other attachments uploaded by users in support of their title requests were reportedly not part of the leak. France Titres said the exposed fields do not by themselves allow unauthorized access to its portals, but warned users to stay highly vigilant against phishing and suspicious messages exploiting the data.
The agency closed the vulnerability and notified the CNIL (data protection regulator) and ANSSI (national cybersecurity agency), and filed a complaint with the Paris public prosecutor. Investigations into the breach and the data sale were ongoing at the time of disclosure.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-04-20-ants-france-titres
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/french-govt-agency-confirms-breach-as-hacker-offers-to-sell-data/
- theregister.comhttps://www.theregister.com/2026/04/22/frances_secure_id_agency_probes/
- helpnetsecurity.comhttps://www.helpnetsecurity.com/2026/04/22/france-titres-online-portal-data-breach/