2.1 million: data leak at OFII / ANEF
On 1 January 2026, a database of around 2.1 million records belonging to France's OFII / ANEF "Étrangers en France" immigration portal was put up for sale on BreachForums, exposing foreign nationals' identities, contact details, family situation and residence-permit data after a subcontractor was compromised.
- Victim
- OFII / ANEF ("Étrangers en France" portal – French Ministry of the Interior)
- records
- 2.1M
On 1 January 2026, OFII / ANEF — the French Office for Immigration and Integration and its "Étrangers en France" administrative portal (etrangers-en-france.interieur.gouv.fr) run under the Ministry of the Interior — became the subject of a major data leak when a threat actor advertised roughly 2.1 million records for sale on the BreachForums cybercrime forum.
According to OFII director Didier Leschi, the breach did not stem from OFII's own information system but from one of its subcontractors — an operator with access to data handled under the Contrat d'Intégration Républicaine (CIR). The compromise of this third-party provider allowed the attacker to exfiltrate roughly 1 GB of data covering foreign nationals who used the portal. Sample extracts published by the seller — including batches of foreigners from around the world and several hundred Israeli residents — were judged technically credible by analysts, citing internal identifiers such as AGDREF numbers and CESEDA-consistent terminology.
The exposed data reportedly includes:
- Full identity (surname, first names, sex, date and place of birth, nationality)
- Contact details (postal address, mobile phone number, personal email address)
- Family situation (marital status, number of children and their years of birth)
- Administrative data (date of arrival in France, residence-permit type, internal file number, deciding prefecture)
As of early January 2026 the incident remained ongoing: the breach was confirmed by OFII's director, but no formal communication had been issued by the Ministry of the Interior, and the data circulated on BreachForums. The exposure of such sensitive information on a vulnerable population raises significant risks of fraud, identity theft and targeted harassment.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-01-ofii-anef-portail-etrangers-en-france-ministere-de-l-interie
- usine-digitale.frhttps://www.usine-digitale.fr/cybersecurite/loffice-francais-de-limmigration-et-de-lintegration-vise-par-une-cyberattaque-un-sous-traitant-en-cause.LD4AQUJ3ABDWPJWGD2ID62H6E4.html
- solutions-numeriques.comhttps://www.solutions-numeriques.com/cyber-securite-de-letat-une-fuite-de-donnees-portant-sur-21-millions-de-dossiers-de-lofii-evoquee/
- cyberveille.chhttps://cyberveille.ch/posts/2026-01-04-fuite-massive-presumee-a-lofii-anef-21-m-de-lignes-de-donnees-exfiltrees/