French authorities have added another case study to the growing argument against centralizing citizen identity data.
France Titres, formerly known as ANTS, operates the portal where residents apply for passports, national ID cards, residence permits, driver’s licenses, and vehicle registrations.
On April 15, something broke inside that system. A week later, the Interior Ministry confirmed what anyone watching digital ID schemes has been saying about this exact architecture for years, and the scale on offer from the attacker makes the warning harder to wave away.
A threat actor using the aliases “breach3d” and “ExtaseHunters” appeared on criminal forums on April 16, claiming to have stolen between 18 and 19 million records from the agency’s internal systems.
If accurate, that is roughly a third of France’s population sitting in a for-sale listing. The seller describes the haul as a fresh, structural compromise rather than a recycled dump, and is actively shopping it.
Early French press reports, including Le Figaro, initially pegged the figure at around 12 million accounts before later estimates climbed. The government has not confirmed any number.
What the ministry has confirmed is a “security incident that may involve the disclosure of data from both individual and professional accounts.”
Login credentials, full names, email addresses, dates of birth, unique account identifiers, postal addresses, places of birth, and phone numbers may all have been extracted. That combination is a starter kit for identity fraud, synthetic identity construction, and convincing phishing attacks against people who already expect email from French government domains.
Hellbound and Down 