France's National Bank Database Breached, 1.2M Accounts Exposed

France's Ministry of Economy disclosed a breach of FICOBA, the national registry containing bank account information for over 80 million individuals. Attackers accessed approximately 1.2 million accounts out of the database's 300 million total records after compromising credentials used for interministerial data exchanges.

The breach, which began in late January 2026, was disclosed publicly on February 19 after internal detection triggered containment measures, according to reporting from The Record.

What Is FICOBA?

FICOBA—the Fichier national des Comptes Bancaires et Assimilés—is France's centralized registry of all bank accounts, maintained by the Direction générale des Finances publiques (DGFiP). The database serves tax authorities, law enforcement, and other government agencies requiring visibility into financial accounts.

The registry contains account numbers, holder names and addresses, and in some cases tax identification numbers. It does not provide access to account balances, transaction histories, or the ability to move funds—limitations that constrained the breach's potential impact.

How the Attack Happened

According to French authorities, an attacker impersonated a civil servant and obtained credentials that permitted queries against FICOBA as part of authorized interministerial information sharing. This suggests either social engineering or credential theft from a legitimate government user.

The attack vector highlights a persistent problem: databases designed for internal government use often rely on shared access mechanisms that create single points of failure. Once an attacker obtains valid credentials, query-based extraction is difficult to distinguish from legitimate usage.

Scale and Exposure

FICOBA holds records for everyone who has ever held a bank account at a French financial institution—over 80 million people and 300 million account records. The 1.2 million accounts accessed represent a fraction of the total, but still constitute one of the larger government data breaches in recent French history.

Affected individuals will receive direct notification by Monday, according to the Ministry's announcement. Banks have been alerted to warn customers about potential fraud and phishing campaigns leveraging the stolen data.

Fraud Risks

The exposed information creates several attack opportunities:

• Phishing campaigns using accurate account and address details to appear legitimate
• Identity theft enabled by tax identification numbers and personal information
• SIM swapping attacks if phone numbers were associated with account records
• Targeted financial fraud using account details to impersonate victims

French authorities warned citizens to exercise heightened vigilance around unsolicited communications referencing banking information. Any contact claiming to represent financial institutions should be independently verified.

This pattern mirrors what we documented in the 700Credit breach that exposed millions of Social Security numbers in the US auto finance sector. Financial infrastructure databases represent high-value targets precisely because the data enables downstream fraud.

Response Measures

France's finance ministry and the National Cybersecurity Agency of France (ANSSI) are jointly investigating. System hardening efforts are underway to prevent similar access, though specific technical measures haven't been disclosed.

No attribution has been established. The impersonation angle suggests a sophisticated attacker comfortable with social engineering, but could equally indicate an insider threat or compromised government contractor.

Government Database Security

The FICOBA breach adds to a pattern of government data exposures across Europe. We covered the European Space Agency breach last month, which exposed 200GB of data through different means but highlighted similar structural vulnerabilities in government data management.

Large centralized databases with high query volumes create detection challenges. Distinguishing malicious access from legitimate use requires behavioral analysis that many government systems lack. The credentials-based access model compounds the problem—valid credentials authenticate the request, regardless of the requester's actual identity.

For governments operating similar registries, the FICOBA incident suggests several priorities:

1. Implement access anomaly detection beyond simple authentication
2. Segment query capabilities to limit exposure per credential
3. Add secondary verification for bulk data access patterns
4. Audit interministerial access grants that may have accumulated over time

Why This Matters

Financial registry breaches sit at the intersection of privacy, identity theft, and government trust. Citizens have no choice but to trust that tax authorities secure their financial information appropriately.

The breach also demonstrates that government databases remain attractive targets. The FICOBA incident didn't involve any sophisticated technical exploitation—just impersonation and credential abuse against a system designed for convenience rather than security.

French citizens with bank accounts—essentially the entire adult population—should treat any communication referencing account details with suspicion until the phishing waves this breach will generate pass. For readers interested in protecting themselves from data breach consequences, monitoring for unusual account activity and enabling fraud alerts remain the most practical defenses.