A stolen civil servant credential gave an attacker weeks of unrestricted access to FICOBA — France's national bank account registry containing every bank account opened in the country. 1.2 million accounts were browsed, exposing IBANs, names, addresses, and tax IDs. No MFA, no anomaly detection, no rate limiting. The breach creates immediate SEPA direct debit fraud risk across the EU. Phishing campaigns targeting affected customers were already detected within days.

Links & Resources

• https://www.bleepingcomputer.com/news/security/data-breach-at-french-bank-registry-impacts-12-million-accounts/
• https://therecord.media/attackers-breach-france-national-bank-account-database
• https://www.helpnetsecurity.com/2026/02/19/ficoba-data-breach-bank-accounts/
• https://securityaffairs.com/188200/hacking/french-ministry-confirms-data-access-to-1-2-million-bank-accounts.html
• https://www.techradar.com/pro/security/french-government-systems-hacked-over-1-2-million-private-financial-accounts-hit
• https://www.scworld.com/brief/hacker-accesses-1-2-million-french-bank-accounts-using-stolen-credentials
• https://www.webpronews.com/frances-financial-data-catastrophe-how-hackers-breached-government-systems-and-exposed-1-2-million-private-accounts/