Hackers broke into a French government portal used for passports, national ID cards, and driver’s licenses, and sensitive personal data tied to those accounts now appears to have spilled onto criminal forums.
France’s Interior Ministry says it detected the intrusion on April 15, 2026, and confirmed that attackers gained unauthorized access to identifying information. Online sellers are now advertising a database they claim contains roughly 18 to 19 million records, an eye-popping figure in a country of about 68 million people, though officials have not confirmed the total.
Even without stolen documents or passwords, the exposed mix of names, emails, and birth dates can be enough to fuel highly believable phishing attacks and identity scams. In other words: the first people to pay the price aren’t bureaucrats in Paris. They’re everyday citizens.
A centralized government login became a high-value target
The compromised service is known as ANTS, short for France’s National Agency for Secure Documents. It’s a one-stop online gateway for some of the country’s most important paperwork, closer in function to a bundled version of the DMV, passport services, and parts of Social Security administration in the U.S.
France has been rebranding the portal under the name “France Titres,” but the role is the same: millions of people use it to apply, track applications, and receive official notifications. That kind of centralization is convenient, until it turns into a single point of failure.
According to the Interior Ministry, the breach was detected April 15, with public confirmation coming days later. That gap is typical in cyber incidents, when agencies scramble to verify what happened and lock down systems. It’s also the window when stolen data can start circulating.
What data was exposed, and why it’s dangerous even without passwords
French officials say the potentially affected information includes basic identity and account details: name, email address, date of birth, login identifier, and a unique account ID. Depending on the user, additional fields such as mailing address, place of birth, or phone number may also appear, but aren’t guaranteed.
This is the kind of dataset scammers love because it makes fraud feel personal. A message that includes your real name and birth date and references an “incomplete passport file” or “driver’s license payment due” can push people to click before they think.
That’s the core threat here: social engineering. Criminals don’t need to “take over” your government account to cause damage. They just need a convincing story and enough real details to make it stick.
Officials say uploaded documents weren’t taken, but the risk remains
The agency has said documents uploaded during applications (photos and supporting paperwork) were not affected. That matters, because it reduces the odds that criminals directly obtained scans of IDs or other attachments.
But it doesn’t eliminate the danger. Names, emails, and birth dates can be combined with older leaks from other breaches to build a fuller profile, one that can be used to impersonate someone with banks, phone carriers, or online services.
“18 to 19 million records” is the claim, verification is still underway
On cybercrime forums, sellers have advertised what they describe as a massive ANTS-linked database, posting as early as April 16. The claimed volume, 18 to 19 million records, has not been definitively validated by the French government.
Security researchers caution that underground sellers sometimes inflate numbers to raise prices, and listings can include duplicates or recycled data. There’s also precedent: in September 2025, a separate dark-web listing claimed ANTS data involving 10 to 12 million people, but its authenticity was disputed.
What’s different this time is the official confirmation that an unauthorized access incident occurred. Even if the for-sale file turns out to be partially bogus, the breach confirmation gives scammers a powerful hook: “The government admitted it, so this message must be real.”
France’s privacy watchdog and cybercrime investigators are now involved
The Interior Ministry says it has notified CNIL, France’s national data protection authority, roughly the country’s counterpart to a mix of U.S. state privacy regulators and the FTC’s consumer-protection role, though with stronger EU-style powers under the GDPR.
French prosecutors in Paris have also been alerted, and the case has been referred to OFAC, France’s anti-cybercrime office (not to be confused with the U.S. Treasury’s sanctions office that shares the same acronym). Investigators will work to determine how access was gained, whether data was exfiltrated, and what infrastructure may tie the intrusion to a specific group.
Officials have indicated that affected users will be notified. How those alerts are written, and how clearly they explain what happened, could shape whether the public stays cautious or becomes easier to manipulate.
What to do if you get an “ANTS” email or text
Don’t click links in unsolicited messages, even if they include personal details like your name or birth date. Instead, navigate to the service the way you normally would, by typing the official address into your browser or using a trusted bookmark.
Lock down the email account tied to your government profile. Change your email password, turn on two-factor authentication, and check for suspicious auto-forwarding rules, because once criminals control your inbox, they can reset passwords across other services.
Be wary of urgency. Calls or messages claiming your “file is blocked” or “payment is required immediately” are classic pressure tactics. If someone claims to be from an official fraud unit, hang up and call back using a number you find independently.
The bigger implication is hard to ignore: when governments centralize identity services online, they also centralize risk. Until France publicly explains what went wrong, and how it’s preventing a repeat, citizens will be left to navigate the fallout one suspicious email at a time.
Key Takeaways
- A cyberattack detected on April 15, 2026 exposed identification data linked to the ANTS portal.
- The affected data includes, in particular, names, dates of birth, email addresses, and account identifiers.
- A file claiming to contain up to 18 to 19 million records is circulating, with no definitive confirmation at this stage.
- The CNIL, the Paris Public Prosecutor's Office, and OFAC have been notified, and user notifications are underway.
Frequently Asked Questions
What personal data from ANTS may have been exposed?
The categories cited include identification data such as title, last name, first names, date of birth, email address, login ID, and a unique account identifier. Depending on the account, other fields may also appear—such as mailing address, place of birth, or phone number—but these are not systematic.
Were the documents uploaded to ANTS—photos and supporting documents—compromised?
The information shared indicates that attachments submitted during applications, such as photos and supporting documents, are not affected by the incident. The main risk therefore shifts to misuse of identification data, especially for scams and phishing.
Is the figure of 19 million exposed accounts confirmed?
Actors on cybercriminal forums claim a file containing 18 to 19 million records. At this stage, the authenticity and exact scope have not been definitively confirmed, and investigations are ongoing to determine the true extent.
What are the concrete risks for users after this leak?
The most immediate risk is social engineering, with highly convincing emails or text messages requesting urgent action—an update, payment, or documents. Even without direct access to the account, data such as name, date of birth, and email can be enough to make a scam more effective.
What should I do if I receive a message claiming to be from ANTS?
Avoid clicking links and do not open unexpected attachments. Access the service using your usual method—by typing the address manually or using a known bookmark. Strengthen your email security: change your password, enable two-factor authentication if possible, and watch for password reset attempts on other services.



