Security incident at France's national digital identity agency

Between April and May 2026, French authorities confirmed a cybersecurity incident that affected millions of citizens. The case came to public attention after databases allegedly extracted from the systems of France Titres—formerly known as ANTS, an agency under the French Ministry of the Interior—appeared on underground forums. Shortly thereafter, the agency itself acknowledged that it had detected a cyber intrusion on April 15 and that some of users’ personal information may have been exposed. The news caused a major stir due to the sensitivity of the data stored by this agency, which is responsible for managing official documents such as national ID cards, passports, and driver’s licenses. 
According to preliminary investigations, the compromised data reportedly includes full names, email addresses, dates of birth, phone numbers, and mailing addresses, although authorities indicated that bank details and passwords were not affected. Suspicions fell on a 15-year-old minor, who is being investigated by the Paris prosecutor’s office for his alleged involvement in illegally accessing the systems and disseminating the stolen information. The case put both public agencies and cybersecurity experts on alert due to the risk of fraud, identity theft, and phishing campaigns targeting the affected citizens. As an immediate response, France Titres activated security protocols, reported the incident to the relevant data protection authorities, and began an internal review of its IT systems to contain the scope of the breach and strengthen digital protection measures.
The investigation is currently ongoing, and French authorities continue to analyze the exact origin of the attack, the actual volume of compromised data, and the possible involvement of additional individuals. The minor under investigation remains under judicial supervision while forensic specialists examine electronic devices and trace activities related to the publication of the information on underground forums. At the same time, the French government is monitoring the agency’s digital infrastructure and has announced measures to strengthen cybersecurity in public services that handle sensitive personal data. Although some of the affected systems have already been stabilized, authorities acknowledge that risks remain due to the potential misuse of the leaked data.