French FICOBA Bank Account Registry Accessed Using Stolen Government Credentials
French authorities confirmed unauthorized access to FICOBA, the national registry of bank accounts, after an attacker used stolen credentials belonging to a government official to view records tied to roughly 1.2 million accounts. Exposed data reportedly included account numbers and account-holder identity details (names, addresses, and in some cases tax identification numbers), while balances and transaction histories were not accessed; officials said the access was detected and blocked quickly and that affected individuals would be notified. A criminal complaint was filed and the incident was reported to CNIL (France’s data protection authority).
Reporting also indicated the government described the incident as involving data “stolen” from the repository, though other accounts emphasized that access was interrupted before exfiltration could occur, leaving the precise extent of data removal unclear. The incident highlights the risk of credential compromise for privileged government access to sensitive financial registries and the downstream exposure of identity-linked banking metadata that can enable targeted fraud and social engineering even without transaction data.
Timeline
Feb 20, 2026
Authorities file complaint, notify CNIL, and prepare victim notifications
Following the disclosure, French authorities said they had filed a criminal complaint and informed CNIL, France’s data protection authority. The government also said affected account holders would be notified about the breach.
Feb 19, 2026
French government discloses FICOBA breach affecting 1.2 million accounts
On or before February 19, 2026, the French government publicly reported that an unauthorized third party had accessed FICOBA and stolen data associated with roughly 1.2 million bank accounts. The compromised information included account numbers, names, addresses, and in some cases tax identification numbers.
Feb 19, 2026
French authorities block access after detecting the intrusion
After the unauthorized access was discovered, French authorities immediately revoked the attacker’s access to the system. Officials said account balances and transaction data were not accessed, and stated that further exfiltration was prevented once the breach was detected.
Jan 1, 2026
Attacker uses stolen credentials to access FICOBA in January
In January 2026, an unknown attacker used stolen credentials belonging to a French government official to access FICOBA, France’s national registry of bank accounts. The intrusion exposed personal and banking-related data tied to about 1.2 million accounts.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Malware
Organizations
Affected Products
Sources
Related Stories
Unauthorized Access to France’s FICOBA Bank Account Registry Exposes 1.2 Million Accounts
France’s Ministry of the Economy and Finance confirmed that an attacker **accessed and consulted data tied to ~1.2 million French bank accounts** by using **stolen login credentials** belonging to an authorized government user of the national bank account registry (*FICOBA*). The intrusion began in **late January 2026** and exposed account-linked personal data including **IBANs**, account holder **names**, **addresses**, and in some cases **tax identification numbers** (DGFiP-issued). Authorities stated the access did **not** enable viewing balances or initiating transactions. After detection, the ministry reported it **blocked the attacker**, notified France’s data protection authority (**CNIL**), and **filed a criminal complaint**; impacted individuals are expected to be contacted directly, and **banks were alerted** to advise customers to remain vigilant. Reporting noted the incident follows other recent cyber disruptions affecting French public services (including attacks impacting **La Poste/La Banque Postale** and the **Interior Ministry**), though no motive or attribution for the FICOBA access has been publicly confirmed.
3 weeks ago
Data exposures tied to third-party access and credential misuse in Ukraine and France
Ukraine’s National Bank (NBU) took its **collectible coin/numismatic online store** offline after a cyberattack against a supporting **contractor** potentially exposed customer registration data (names, phone numbers, emails, and delivery addresses). The NBU said **core banking systems were not affected** and **no payment card or banking data** was compromised, but warned the exposed PII could be leveraged for **phishing** and other follow-on fraud; the incident was described as consistent with a **supply-chain** intrusion path. In France, authorities disclosed illegal access to a portion of the **National Bank Accounts File (FICOBA)**—a government database used for tax, customs, and law-enforcement purposes—after an attacker **impersonated a civil servant** and used valid credentials to query data. Officials said up to **1.2 million accounts** may have been impacted, with exposed fields potentially including account numbers, names, addresses, and in some cases tax identifiers; **DGFiP**, supported by **ANSSI**, is investigating and notifying affected individuals while banks were alerted to heighten fraud/phishing monitoring. Separately, **Safran Group** denied being cyberattacked, stating that a leaked dataset containing “non-strategic” order/customer details was **inadvertently exposed via a third-party provider**, with external analysis suggesting the compromise occurred elsewhere in the supply chain rather than within Safran’s own systems.
1 months ago
French Telecom and Retail Breaches Expose Millions of Customer Records
French telecommunications provider **Bouygues Telecom** disclosed a cyberattack that led to the exposure of nearly **6.4 million customer records**, including **5.7 million unique email addresses**. The compromised data reportedly included names, physical addresses, phone numbers, dates of birth, and **IBANs**, raising concerns about fraud and financial abuse. The company said affected customers were notified after detecting the intrusion into its services. French electronics retailer **Boulanger** also suffered a major breach in which more than **27 million rows of data** were exposed, including **2 million unique email addresses**. The leaked information reportedly included names, physical addresses, phone numbers, and even **latitude and longitude** data. Unlike the Bouygues incident, the stolen Boulanger dataset was later posted publicly on a hacking forum, significantly increasing the likelihood of downstream misuse, phishing, and identity-related abuse.
1 months ago