bestdata

bestdata is a threat actor name associated with the claimed sale of a 1.2 million record dataset described as French FICOBA banking leads. The available content states that the actor advertised the dataset on the open web and directed sales inquiries to a Telegram handle. The claimed victim set is the French banking sector and FICOBA, France’s national registry of bank accounts maintained by the French tax authority. The listing asserted that records from more than 15 financial institutions in France were represented, including BNP Paribas, Societe Generale, Credit Lyonnais (LCL), Credit Agricole, Caisse d'Epargne, Credit Mutuel, CIC, Banque Populaire, AXA Banque, Boursorama, Revolut, Monabanq, Carrefour Banque, HSBC, Allianz Banque, BRED, and BforBank. According to the listing, the data included full identities, dates and places of birth, French social security numbers, tax identifiers (SPI), IBANs, BIC/SWIFT codes, bank and branch details, account information, phone numbers, email addresses, addresses, relatives’ names and birthdates, and possible password fields. The content maps the activity to MITRE ATT&CK techniques T1589.001, T1213, T1657, and T1567. No additional aliases or sub-groups are provided in the content.