France’s central identity office, the Agence Nationale des Titres Sécurisés, confirmed a breach that exposed personal details of its users. Stolen fields include full names, birth dates and places, mailing and email addresses, and phone numbers. The agency issues national IDs, passports and immigration documents, making the leak a direct threat to millions of citizens.

The intrusion was detected on April 15, and ANTS launched an internal probe to trace the entry point. investigators have not disclosed the total number of records compromised, but officials are contacting every potentially affected individual. Ongoing analysis aims to determine whether attackers exploited a specific software flaw or leveraged stolen credentials.

A hacker later posted on a public forum claiming possession of a database containing 19 million records matching the agency’s data schema. The post appeared before ANTS publicly disclosed the breach on April 20, suggesting the attacker had early access. Bleeping Computer traced the advertisement to a well‑known underground marketplace, raising concerns about resale to identity‑theft networks.

With personal identifiers now circulating, French citizens may face phishing attacks, fraudulent applications, and broader privacy erosion. The episode underscores the need for hardened authentication and continuous monitoring within government‑run identity platforms. Authorities have pledged to audit all related systems and tighten encryption standards, aiming to restore public confidence.