A single compromised account gave hackers access to 1.2 million French banking records
Ficoba has warned that “numerous” scams are already in circulation following the data breach
Credentials stolen from a single government official enabled threat actors to access a French national database containing data on more than 1.2 million bank accounts.
The attackers were able to access the Fichier des comptes bancaires (Ficoba) database, which contains files on all bank accounts opened in France.
Stolen credentials were used by the threat actors to impersonate a civil servant and view data that included personal information such as bank account numbers, account holders' names and addresses, IBANs, and, in some cases, the account owner's tax number.
"Starting at the end of January 2026, a malicious actor, who had impersonated a civil servant with access rights as part of an inter-ministerial information exchange, was able to consult a portion of this file," Ficoba said in a statement.
"As soon as this incident was detected, immediate access restrictions were implemented to stop the attack, limit the scope of the data accessed and extracted from this database – which reportedly includes 1.2 million accounts – and prevent any further unauthorized access."
Ficoba said IT teams at the French Public Finances Directorate, along with other bodies, were working to address this incident and strengthen security. The incident has also been reported to the French Data Protection Authority (CNIL), it said.
The chief of France's Public Finances told Agence France-Presse that affected individuals will be contacted over the next few days. Officials insisted the breach did not give attackers access to account balances or transactions.
FICOBA breach prompts phishing frenzy
Security researchers at Cybernews said that this may not be the full story. While account balances can’t be accessed from this data alone, this incident “still poses risks” to users across the country.
“Exposed PII, such as names and addresses, can be combined with other leaked data to profile people and construct convincing phishing campaigns that can pose as the national bank.”
Researchers said that, when combined with tax identification numbers, the exposed data increases the risk of fraud and identity theft, as these numbers can be used as identifiers on government platforms.
Ficoba has warned that "numerous" scams are circulating via email or SMS, aiming to obtain information or payments from users.
Individuals who have been contacted are urged not to reply, and should instead contact their local tax office through the secure messaging system in their online account or by phone to check the authenticity of the message.
Meanwhile, Michael Jepson, penetration testing manager at CybaVerse, said it's worrying that a single individual within the organization was able to access large volumes of sensitive data unilaterally.
"Traditionally, access scope often increased with seniority, an approach that is now widely recognized as problematic in modern threat environments," he said.
"Modern security practice recognizes that access should be determined strictly by operational need rather than hierarchy. Senior figures are frequently primary targets for threat actors, which makes excessive privilege particularly dangerous."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.

