The French Ministry of Finance has disclosed a cybersecurity incident that impacted data associated with 1.2 million user accounts.
The investigation discovered that hackers gained access to the national bank account registry (FICOBA) and stole a database containing sensitive information.
The Ministry’s announcement notes that in late January, a threat actor used credentials stolen from a civil servant with access to the interministerial information sharing platform.
The credentials gave the hacker access to part of a database that contained all bank accounts opened in French banking institutions and personal data:
- Bank account details, including RIBs/IBANs
- Account holder identity
- Physical address
- Taxpayer identification number (only in some cases)
The Ministry states that it took immediate action to restrict the threat actor’s access to its systems immediately after detecting the incident. However, it is believed that data of about 1.2 million accounts were already exposed to potential exfiltration.
FICOBA is a centralized state-managed registry of bank accounts in France, operated by the French tax authority, the Direction générale des Finances publiques (DGFiP).
It operates as a database that records the existence and identifiers of accounts, with data provided by French banking institutions in accordance with tax enforcement law requirements.
The cyberattack has disrupted the system’s operations, and work is underway to restore it with enhanced security. However, there is no estimation of when FICOBA will be back online.
The Ministry also stated that users affected by the incident will be notified individually over the next few days.
Banking institutions in the country have been informed accordingly, and they are expected to take action to raise awareness among their customers of the need for increased vigilance.
The announcement mentions numerous scam attempts circulating via email and SMS that aim to steal data or money directly from recipients, and citizens are advised not to respond to them.
“The tax administration never asks for your login credentials or bank card number via message,” the French ministry warns.
The French data protection authority, CNIL, has also been informed about the incident.
DGFiP’s IT team is currently working with the Ministry of Finance and the National Cybersecurity Agency of France (ANSSI) to strengthen system security and bring it back to full operational status.
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.