French FICOBA Bank Account Registry Accessed Using Stolen Government Credentials
French authorities confirmed unauthorized access to FICOBA, the national registry of bank accounts, after an attacker used stolen credentials belonging to a government official to view records tied to roughly 1.2 million accounts. Exposed data reportedly included account numbers and account-holder identity details (names, addresses, and in some cases tax identification numbers), while balances and transaction histories were not accessed; officials said the access was detected and blocked quickly and that affected individuals would be notified. A criminal complaint was filed and the incident was reported to CNIL (France’s data protection authority).
Reporting also indicated the government described the incident as involving data “stolen” from the repository, though other accounts emphasized that access was interrupted before exfiltration could occur, leaving the precise extent of data removal unclear. The incident highlights the risk of credential compromise for privileged government access to sensitive financial registries and the downstream exposure of identity-linked banking metadata that can enable targeted fraud and social engineering even without transaction data.
Related Entities
Organizations
Sources
Related Stories
Unauthorized Access to France’s FICOBA Bank Account Registry Exposes 1.2 Million Accounts
France’s Ministry of the Economy and Finance confirmed that an attacker **accessed and consulted data tied to ~1.2 million French bank accounts** by using **stolen login credentials** belonging to an authorized government user of the national bank account registry (*FICOBA*). The intrusion began in **late January 2026** and exposed account-linked personal data including **IBANs**, account holder **names**, **addresses**, and in some cases **tax identification numbers** (DGFiP-issued). Authorities stated the access did **not** enable viewing balances or initiating transactions. After detection, the ministry reported it **blocked the attacker**, notified France’s data protection authority (**CNIL**), and **filed a criminal complaint**; impacted individuals are expected to be contacted directly, and **banks were alerted** to advise customers to remain vigilant. Reporting noted the incident follows other recent cyber disruptions affecting French public services (including attacks impacting **La Poste/La Banque Postale** and the **Interior Ministry**), though no motive or attribution for the FICOBA access has been publicly confirmed.
3 weeks ago
Data exposures tied to third-party access and credential misuse in Ukraine and France
Ukraine’s National Bank (NBU) took its **collectible coin/numismatic online store** offline after a cyberattack against a supporting **contractor** potentially exposed customer registration data (names, phone numbers, emails, and delivery addresses). The NBU said **core banking systems were not affected** and **no payment card or banking data** was compromised, but warned the exposed PII could be leveraged for **phishing** and other follow-on fraud; the incident was described as consistent with a **supply-chain** intrusion path. In France, authorities disclosed illegal access to a portion of the **National Bank Accounts File (FICOBA)**—a government database used for tax, customs, and law-enforcement purposes—after an attacker **impersonated a civil servant** and used valid credentials to query data. Officials said up to **1.2 million accounts** may have been impacted, with exposed fields potentially including account numbers, names, addresses, and in some cases tax identifiers; **DGFiP**, supported by **ANSSI**, is investigating and notifying affected individuals while banks were alerted to heighten fraud/phishing monitoring. Separately, **Safran Group** denied being cyberattacked, stating that a leaked dataset containing “non-strategic” order/customer details was **inadvertently exposed via a third-party provider**, with external analysis suggesting the compromise occurred elsewhere in the supply chain rather than within Safran’s own systems.
3 weeks agoFrench Football Federation Data Breach via Compromised Account
The French Football Federation (FFF) suffered a significant cyberattack in which threat actors exploited a compromised user account to access the federation’s administrative management software. This breach resulted in the theft of sensitive personal data belonging to over two million registered amateur football players and club members, including names, dates and places of birth, nationalities, postal and email addresses, phone numbers, and football license numbers. Financial data and passwords were reportedly not affected. Upon discovering the breach on November 20, 2025, the FFF immediately deactivated the compromised account, reset all user passwords, and secured its systems. The FFF has filed a formal complaint with French authorities and notified both the National Cybersecurity Agency (ANSSI) and the National Commission on Informatics and Liberty (CNIL). Affected individuals whose email addresses were exposed are being contacted directly, and the federation has urged all members to be vigilant against potential phishing attempts and scams leveraging the stolen data. This incident highlights the growing cyber risks faced by sports organizations and underscores the need for robust cybersecurity measures to protect large volumes of personal information managed by such entities.
3 months ago