The French Ministry of Finance disclosed a cyber incident in which hackers accessed the national bank account registry FICOBA and exposed data tied to about 1.2 million user accounts. Stolen information included RIBs/IBANs, account holder identities, addresses and some taxpayer IDs after attackers used credentials from a civil servant, and authorities are working to secure the system and notify affected users. #FICOBA #DGFiP
Keypoints
- Hackers accessed the FICOBA registry and data for roughly 1.2 million accounts was exposed.
- The intrusion occurred using credentials stolen from a civil servant with interministerial platform access.
- Exfiltrated data included RIBs/IBANs, account holder names, physical addresses, and some taxpayer IDs.
- The Ministry restricted access immediately and is working with DGFiP, ANSSI, and CNIL to restore and strengthen security.
- Affected users and banks will be notified and warned to ignore phishing SMS and email scams.