Massive French Data Breach: 1.2 Million Bank Accounts Exposed

French authorities have confirmed a major cybersecurity incident after hackers gained access to personal data linked to more than 1.2 million bank accounts through the FICOBA database — the national registry listing all bank accounts held in France.

The breach has sparked widespread concern about data protection and financial security, particularly among residents and expatriates in France. Here’s what happened, what’s being done, and how you can protect yourself.

What Is the FICOBA Database?

FICOBA (Fichier national des comptes bancaires et assimilés) is a central database managed by France’s General Directorate of Public Finances (DGFiP). It tracks all:

Bank and savings accounts held in France
Account holders’ names and addresses
Bank identifiers (RIB/IBAN)
Associated tax identification numbers

While it helps detect tax fraud and manage judicial investigations, it’s a rich target for hackers — particularly since it links individuals directly with their banking institutions.

How Did the Breach Happen?

According to Bercy (France’s Ministry of Economy and Finance), the cyberattack began in late January 2026. A hacker successfully used stolen access credentials from a government employee with authorized connection privileges to FICOBA.

Once inside, the attacker extracted personal banking information on approximately 1.2 million French residents — including their identity, account details, and contact information.

The government emphasizes that no account balances or transaction data were compromised. However, the level of detail exposed significantly increases the risk of targeted fraud and identity theft.

Government Response and Security Actions

Immediately after detecting the breach, the DGFiP and ANSSI (France’s National Cybersecurity Agency) moved to contain and investigate the attack. Key measures included:

Immediate suspension of compromised access credentials
Notification to the CNIL (France’s Data Protection Authority)
Formal complaint filed with law enforcement
Data security audits and reinforced server protections

Individuals potentially affected will receive direct notification from the DGFiP in the coming days.

Rising Concerns: Risks of Targeted Fraud

Experts warn that while the hackers cannot move funds or view balances, the leaked information could fuel a surge in phishing scams and impersonation fraud.

Cybercriminals now have enough verified data to make fake messages seem legitimate — such as posing as your bank, your tax office, or even your local mairie.

Be especially alert for:

Emails or texts claiming “urgent bank updates”
Requests for RIB or credit card verification
Fake tax refund notifications from “DGFiP” or “Impots.gouv”

If in doubt, always log into your official online account directly rather than clicking on any link.

A Wave of Cyberattacks Across France

This FICOBA breach is not an isolated incident. In recent months, France has faced a series of large-scale cyberattacks targeting government systems and national platforms:

Fédération nationale des chasseurs: over 1 million records stolen
HubEE platform: personal data and official documents leaked
Several local authorities: ransomware attacks disrupting public services

This rise in attacks underscores France’s growing vulnerability as more administrative services move online.

How to Protect Yourself

If you live in France — or hold a French bank account — take proactive steps to safeguard your identity and finances:

Check bank statements regularly for suspicious activity
Change online passwords and avoid reusing them
Enable two-factor authentication (2FA) wherever possible
Ignore unsolicited messages asking for sensitive information
Report suspected fraud to your bank or to cybermalveillance.gouv.fr

Final Takeaway

The FICOBA cyberattack marks one of the most serious data breaches in recent French history. While no direct financial losses have been reported, the exposure of so much personal information could trigger a wave of phishing, scams, and identity theft attempts in the weeks ahead.

Staying vigilant, verifying every message, and using strong security practices is now more essential than ever.