France Titre (ANTS): the leak would be much larger than 12 million accounts
Follow-up reporting on the April 2026 breach at France Titres (ANTS), France's secure-identity-document agency: beyond the officially confirmed ~11.7 million exposed accounts, the threat actor now claims access to roughly 600 million lines of data, including plaintext passwords, API and encryption keys, and source code.
- Victim
- France Titre (ANTS)
On 23 April 2026, fresh revelations reignited the data-breach case affecting France Titres (ANTS) β the French government agency that issues secure identity documents (national ID cards, passports, driving licences and vehicle registration certificates) through the ants.gouv.fr portal. The agency had detected unauthorised access to portal account data on 15 April 2026 and, after a threat actor advertised 18β19 million records for sale, officially confirmed that roughly 11.7 million accounts were affected.
This follow-up reporting centres on the attacker's claim that the breach is far larger than the figure communicated by the agency. Rather than account profiles alone, the threat actor now claims to hold around 600 million lines of data and a trove of internal technical material. These claims remain unverified independently, but if authentic they would point to a far deeper compromise of the platform's infrastructure than initially acknowledged.
According to the attacker's claims, the exposed material includes:
- Account holder data: full names, dates and places of birth, postal addresses, email addresses and (for some) phone numbers
- Account credentials, including plaintext passwords
- API keys and encryption keys
- Application source code
- Technical logs and database metadata
- References pointing to identity-card and passport data in XML
France Titres confirmed the security incident, notified the CNIL (France's data-protection authority), referred the case to the Paris public prosecutor, and involved the national cybersecurity agency ANSSI. Authorities stressed that the exposed data does not by itself allow illegitimate access to portal accounts, but warned of an elevated risk of phishing and social-engineering attacks. The investigation is ongoing and the full scope of the leak remained unconfirmed at the time of reporting.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/france-titre-ants-la-fuite-serait-bien-plus-importante-que-12-millions-de-comptes/
- cyberattaque.orghttps://www.cyberattaque.org/cyberattaque-ants-france-titre-18-millions-de-profils-francais-mis-en-vente/
- bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/french-govt-agency-confirms-breach-as-hacker-offers-to-sell-data/
- franceinfo.frhttps://www.franceinfo.fr/internet/securite-sur-internet/cyberattaques/fuite-de-donnees-sur-le-portail-de-l-ants-pres-de-12-millions-de-comptes-concernes-annonce-le-ministere-de-l-interieur_7954181.html