A major French government portal used to apply for passports, national ID cards, and driver’s licenses has been hit by a cyberattack, an incident that could put millions of people at risk of targeted scams.
French officials say personal data tied to accounts at ANTS, the agency that runs the online system, may have been exposed around April 15, 2026. On cybercrime forums, sellers have claimed they’re holding a database linked to the service, with estimates ranging up to 10 million accounts and even higher figures that haven’t been confirmed.
The French Interior Ministry insists the breach does not allow attackers to directly log into users’ accounts. But cybersecurity experts warn that even “just” names, birthdates, and email addresses can be enough to fuel convincing phishing campaigns and identity fraud.
What ANTS is, and why this breach matters
Sommaire
- 1 What ANTS is, and why this breach matters
- 2 What data may have been exposed
- 3 Officials say accounts weren’t directly compromised, but the risk is still real
- 4 How big is the breach? Competing numbers swirl online
- 5 The immediate threat: phishing that looks like official government business
- 6 What France is doing next, and what it signals for government cybersecurity
- 7 Key Takeaways
- 8 Frequently Asked Questions
- 9 Sources
ANTS (short for France’s National Agency for Secure Documents) is a one-stop digital gateway for some of the country’s most sensitive paperwork. If you’ve renewed an ID, applied for a passport, or handled a driver’s license online in France, there’s a good chance you’ve used it.
For American readers, think of it as a centralized, federal-style portal that touches functions spread across the U.S. State Department (passports) and state DMVs (driver’s licenses), all tied to a single online account system. That kind of concentration makes it a high-value target.
What data may have been exposed
French authorities have described the leaked information as personal identification data: names, email addresses, dates of birth, and account identifiers. Depending on the user profile, additional details, like a mailing address, place of birth, or phone number, could exist in the system, though officials have not said those fields were broadly included in the leak.
Even without passwords, this is prime material for criminals. A message that includes your real name and birthdate, and references a “pending passport file” or “missing document”, can look frighteningly legitimate.
Officials say accounts weren’t directly compromised, but the risk is still real
The Interior Ministry’s key claim is that the incident does not enable “illegitimate access” to user accounts, meaning it’s not being described as a straight password theft that lets criminals sign in as you.
That distinction matters technically, but it doesn’t eliminate danger. A clean list of verified identities and contact info can supercharge social engineering: phishing emails, fake text messages, and phone calls designed to trick people into handing over passwords, one-time codes, or payment details.
How big is the breach? Competing numbers swirl online
The true scale remains unclear. Public reporting in France has cited up to 10 million potentially affected accounts. Meanwhile, posts on cybercriminal forums have claimed larger troves, up to 19 million “lines” of data, figures that have not been validated by the government.
This gap is common after major breaches: sellers inflate what they have to raise the price, while authorities move slowly to verify what’s real. But the mere claim that ANTS data is for sale can trigger waves of copycat scams, because criminals don’t need perfect information, they just need enough people to believe the threat is real.
The immediate threat: phishing that looks like official government business
The most likely near-term fallout is a spike in highly tailored phishing attempts. Expect emails or texts that mimic government language, reference an “application number,” or warn that an ID request is “blocked” unless you click a link.
That’s the trap: the scammer doesn’t need to break into your account if they can convince you to do the work for them. Once a victim clicks, they may be pushed to enter login credentials, upload documents, or pay bogus “processing fees.”
What France is doing next, and what it signals for government cybersecurity
French officials say the case has been referred to prosecutors in Paris, which typically signals a serious criminal investigation. The government has also said notifications to affected users are planned.
The breach lands amid a broader run of cyber incidents hitting French public institutions, including education and health-related systems. The bigger issue is trust: governments worldwide are pushing more essential services online, but every high-profile leak makes citizens wonder whether the convenience is worth the risk, and whether public agencies are securing data with the same rigor they demand for the documents they issue.
Key Takeaways
- ANTS experienced a security incident dated April 15, 2026, involving a leak of personal data.
- The affected data may include name, email address, date of birth, and account credentials.
- The number of accounts impacted is disputed—up to 10 million accounts have been mentioned, and unconfirmed reports go higher.
- The main immediate risk for users is phishing, even before any account takeover.
- An investigation is underway following a report to the Paris public prosecutor’s office, with notifications announced.
Frequently Asked Questions
What personal data may have been exposed in the ANTS attack?
The items mentioned in official communications include identification data such as last name, first name(s), title (Mr./Ms.), email address, date of birth, and a unique account identifier. Depending on the user profile, other fields may exist—such as mailing address, place of birth, or phone number—but they are not always present.
Can hackers log in to my ANTS account with this data?
France’s Ministry of the Interior says that, at this stage, the incident does not allow unauthorized access to users’ accounts. However, a leak of identifiers and personal data can make scam attempts easier—especially phishing—and can be cross-referenced with other data breaches.
Messages that create a sense of urgency, ask you to “confirm” your identity via a link, demand immediate payment, or claim your case is blocked. Scammers mimic official administrative wording and sometimes use personal details to make the message seem credible.
What should I do if I receive a suspicious email about an ANTS process?
Don’t click the link, don’t download any attachments, and sign in only by going directly to the official portal by typing the address into your browser. Also monitor your inboxes and change your passwords if you have any doubts—especially if you reuse the same password across multiple services.
Sources
- L’ANTS visée par une cyberattaque massive, jusqu’à 10 millions de comptes concernés – franceinfo
- L’Agence nationale des titres sécurisés visée par une cyberattaque
: Actualités – Orange - France Titres (ANTS) piratée : noms, adresses, dates de naissance, jusqu'à 19 millions de comptes exposés – Les Numériques
- « Aucun système n’est inviolable » : données volées, mode opératoire, risques… Cinq questions sur la cyberattaque du portail ANTS – Le Parisien
- L’ANTS, qui gère les cartes d’identité et passeports, visée par une attaque informatique, des données potentiellement divulguées
