French FICOBA Bank Registry Breach Exposes 1.2 Million Accounts Including IBANs and Addresses


Hackers breached France’s national bank account registry FICOBA and accessed data on 1.2 million accounts. Attackers used stolen credentials from a civil servant with access to the interministerial platform. The French Ministry of Finance confirmed exposure of bank details, identities, addresses, and some taxpayer IDs.

FICOBA serves as France’s centralized database of all bank accounts. French banks are legally required to submit account data to the DGFiP tax authorities. The system tracks account existence, IBAN/RIB numbers, and holder identities. The breach, in late January, disrupted operations. No restoration timeline is available.

Ministry officials blocked attacker access immediately upon detection. Individual notifications to affected users begin within days. French banks received alerts to warn customers. Scam emails and SMS campaigns already exploit stolen data. Tax authorities never request credentials via message.

Exposed Data Categories

| Data Type | Sensitivity | Fraud Potential |
|---|---|---|
| IBAN/RIB Numbers | Critical | Direct account access |
| Account Holder Name | High | Identity theft |
| Physical Address | High | Targeted scams |
| Taxpayer ID (partial) | Critical | Tax refund fraud |

Complete banking profiles compromised.

Attack Vector Details

A single compromised civil servant account enabled the breach:

  • Interministerial platform credentials stolen.
  • Direct FICOBA database access granted.
  • Partial database exfiltrated before containment.

No zero-day exploits required.

FICOBA System Role

Centralized registry tracks:

  • All French bank accounts.
  • Account holder identities.
  • IBAN/RIB identifiers.
  • Mandatory bank reporting.

Tax enforcement backbone disrupted.

Immediate Response Actions

Government activated response:

  • Attacker access terminated.
  • Affected users individually notified.
  • Banks warned to alert customers.
  • CNIL data protection authority informed.
  • ANSSI cybersecurity agency engaged.

System restoration underway.

Predicted Scam Patterns

Expect these attacks using stolen data:

  • Phishing emails with real IBANs.
  • SMS claiming account verification.
  • Fake tax refund notifications.
  • Targeted social engineering.

French authorities warn against responding.

Responding Organizations

| Agency | Role |
|---|---|
| Ministry of Finance | Breach disclosure, notifications |
| DGFiP | FICOBA operations, restoration |
| ANSSI | Cybersecurity investigation |
| CNIL | Data protection oversight |
| French Banks | Customer warnings |

Coordinated national response.

Account Security Steps

French residents should protect themselves now:

  • Monitor accounts for unauthorized transactions.
  • Ignore unsolicited bank/tax messages.
  • Enable transaction alerts on banking apps.
  • Change passwords on financial accounts.
  • Report phishing to French authorities.

Vigilance critical post-breach.

System Restoration Challenges

FICOBA downtime impacts:

  • Bank account verifications blocked.
  • Tax processing delayed.
  • New account registrations stalled.
  • Legal/compliance operations halted.

No estimated recovery time.

Historical Context

Major French financial breaches:

  • Previous DGFiP incidents contained faster.
  • Banking sector targets rising.
  • Credential stuffing primary vector.

FICOBA represents largest exposure.

FAQ

What data leaked in the FICOBA breach?

IBANs, names, addresses, partial taxpayer IDs.

How did attackers access FICOBA?

Stolen civil servant credentials from the interministerial platform.

How many French accounts were exposed?

1.2 million accounts.

Will affected users get notifications?

Yes, individual notifications within days.

Is FICOBA operational now?

No. Restoration with enhanced security underway.

Which agencies are responding to the FICOBA attack?

Ministry of Finance, DGFiP, ANSSI, CNIL.
