UrsaClimb Logo

Data breach at French bank registry impacts 1.2 million accounts

Bleeping Computer
by Bill Toulas
February 20, 2026
AI-Generated Deep Dive Summary
A cybersecurity incident has compromised data from 1.2 million user accounts in France's national bank account registry, FICOBA, following a breach where hackers gained access using stolen credentials from a government employee. The attack exposed sensitive financial information, including bank account details, personal identities, and addresses of affected individuals. The French Ministry of Finance revealed that the incident occurred after a threat actor obtained access to an interministerial platform, leading to partial database exfiltration. FICOBA, managed by the Direction générale des Finances publiques (DGFiP), serves as a centralized repository for bank account data in France. This system collects information from various banking institutions and is crucial for tax enforcement. The breach has disrupted FICOBA's operations, with efforts underway to restore services while enhancing security protocols. Affected users will receive individual notifications, while financial institutions are alerted to inform their customers about the potential risks. The French government has emphasized the importance of vigilance against phishing attempts and scams targeting individuals, warning that legitimate authorities never request sensitive data via unsolicited messages. Collaborative efforts between DGFiP, the Ministry of Finance, and the National Cybersecurity Agency (ANSSI) aim to strengthen system defenses and prevent future incidents. This breach underscores critical vulnerabilities in government IT systems, particularly when interconnected with other institutions. The incident highlights the risks of credential theft and the potential fallout from compromising sensitive financial data. For readers focused on cybersecurity, it serves as a cautionary tale about safeguarding access points in government networks and the importance of robust security measures for critical infrastructure. The event also raises broader questions about the protection of personal data in national systems and the need for
Verticals
securitytech
Originally published on Bleeping Computer on 2/20/2026