Leak at Banque de France
On 23 November 2024, the threat actor Near2tlg advertised data allegedly stolen from France's central bank; the Banque de France denied any compromise of its secure systems, acknowledging only brief unauthorized access to an HR extranet with no sensitive data exposed.
- Victim
- Banque de France
On 23 November 2024, the Banque de France β France's central bank β was named in a data-sale post by the cybercriminal actor Near2tlg, who advertised an alleged trove of internal data on a hacker forum and Telegram, asking $50,000 before lowering the price to about $10,000.
To substantiate the claim, the actor released a handful of files for free. These turned out to be job descriptions and routine administrative documents rather than the sensitive material advertised, leading security researchers β including ClΓ©ment Domingo β to describe the claim as likely a bluff or a heavily exaggerated breach.
In a statement on 25 November 2024, the Banque de France denied any "attack on the secured information system" and said no sensitive personal or financial data had been compromised. It acknowledged only "occasional external access to an HR extranet," which it said it promptly closed.
The data categories Near2tlg claimed to hold (none independently verified) included:
- Employee identities, positions and salaries
- Client identities, bank account details and transaction histories
- Internal strategic documents and financial reports
No record count was substantiated, and the verifiable impact appears limited to the exposure of non-sensitive HR-extranet documents. The incident is considered contained.
Sources
- clubic.comhttps://www.clubic.com/actualite-544949-piratage-de-donnees-ce-serait-carrement-au-tour-de-la-banque-de-france-d-avoir-une-fuite.html
- incyber.orghttps://incyber.org/article/near2tlg-revendique-un-vol-de-donnees-appartenant-a-la-banque-de-france/
- journaldeleconomie.frhttps://www.journaldeleconomie.fr/piratage-a-la-banque-de-france-deni-officiel-et-mysteres-persistants/