France's ANTS Identity Portal Breach Exposes 11.7 Million Citizens' Personal Records
On April 22, 2026, France's national identity document agency ANTS (now branded France Titres) confirmed a data breach that exposed at least 11.7 million citizen records. Threat actors 'breach3d' and 'ExtaseHunters' claim 18 to 19 million records and are advertising the dataset on criminal forums. Document scans were not accessed; full names, dates and places of birth, addresses, phone numbers, and emails were.
VaultTools · April 30, 2026
Photo on Unsplash
Table of Contents
- What happened
- What was exposed and what was not
- The threat actors
- The investigation
- Why a centralized portal is a single point of failure
- What this means for browser-based file tools
- Sources
What Happened
On April 15, 2026, ANTS (Agence Nationale des Titres Sécurisés, recently rebranded “France Titres”), the French Ministry of the Interior agency that processes applications for passports, national identity cards, driver’s licenses, and residence permits, detected a security incident on its citizen portal. The agency confirmed the breach publicly on April 22, 2026, after extracted data began circulating on a criminal forum.
French and international outlets, including TechCrunch and Cybernews, report 11.7 million accounts confirmed exposed. The threat actors claim 18 to 19 million records. ANTS has not endorsed the higher figure.
What Was Exposed and What Was Not
According to ANTS and reporting on the dataset advertised for sale, the accessed records include:
- Full legal names
- Dates of birth
- Places of birth
- Postal addresses
- Email addresses
- Phone numbers
- Login identifiers and unique account IDs
The agency states that document scans, passport photographs, and authentication credentials were not in the accessed systems.
The Threat Actors
Two aliases posted the dataset on criminal forums: “breach3d” and “ExtaseHunters.” The first listing appeared on April 16, 2026, one day after ANTS detected the incident and six days before the agency’s public confirmation.
The Investigation
ANSSI, the French national cybersecurity agency, is leading the technical investigation alongside law enforcement. The Ministry of the Interior has filed a criminal referral with the Paris Prosecutor. CNIL, France’s data protection authority, was formally notified under Article 33 of the GDPR, which requires notification of supervisory authorities within 72 hours of discovery.
ANTS stated that “the investigation to determine how the breach happened and its impact is ongoing, and people whose data was affected are being notified.”
Why a Centralized Portal Is a Single Point of Failure
The ANTS portal is the single government system used by every French applicant for a passport, identity card, residence permit, or driver’s license. By design, it aggregates identity metadata for a large share of the adult French population.
The compromised fields (full name, date of birth, place of birth, postal address, phone number, and email) are exactly the inputs needed to build convincing targeted phishing. An email that references a real name, birth date, and an “incomplete passport file” or a “driver’s license payment due” is harder to dismiss than a generic scam. Attackers did not need to access document scans. The metadata around the documents was enough.
What This Means for Browser-Based File Tools
Centralized portals that ingest identity data are high value targets. The only architectural way to remove a target is to not collect the data in the first place. For document workflows, that pattern is straightforward: convert, compress, redact, and sign files on the user’s own device, with the file bytes never touching a third party server.
VaultTools follows that pattern. PDFs are merged, images are resized, EXIF is stripped, all inside the browser using WebAssembly. There is no upload, no central database to breach, and no record to advertise on a forum.
A national identity portal cannot, by design, work the same way; the state needs the records. But every workflow that does not require central storage is a workflow worth keeping local.
Sources
- France confirms data breach at government agency that manages citizens’ IDs (TechCrunch)
- ANTS Hack: 19 million records exposed in French ID agency breach (Cybernews)
- France’s Government ID Agency Was Hacked, and 11.7 Million Citizens’ Passport and Identity Records Are Now for Sale (ScamWatchHQ)
- France’s Passport Agency Got Hacked: 19 Million Citizens’ Identity Data Is for Sale (gblock.app)
- France’s ID and passport portal was hacked, millions may now be targets for scams and identity fraud (Europe Infos)
- French Identity Document Agency Hit by Cyberattack, 19 Million Records at Risk (eBuilder Security)