France's ANTS document agency breached, 19M records allegedly up for sale

The Agence nationale des titres sécurisés (ANTS), the French Interior Ministry body that issues passports, national IDs, driver’s licenses, and immigration papers, detected an intrusion into its ants.gouv.fr portal on April 15, 2026. Exposed fields for affected individual and professional accounts include login IDs, full names, emails, dates of birth, unique account identifiers, and — for a subset — postal addresses, places of birth, and phone numbers. ANTS says the leaked data cannot be used to authenticate into its systems but is sufficient fuel for targeted phishing and social engineering, and it has notified CNIL, ANSSI, and the Paris Public Prosecutor.

A day after the incident, a threat actor going by ‘breach3d’ surfaced on hacker forums claiming to hold 19 million ANTS records — names, contact details, birth and address data, account metadata, gender, and civil status — and offered the dataset for sale rather than dumping it publicly. ANTS has not confirmed the scale, and individual impact notifications are still going out.

The incident lines up with a familiar pattern for national identity-document systems: the stolen material alone does not grant portal access, but combined with the authority of the issuing agency it becomes a high-conversion lure for impersonation campaigns targeting citizens already conditioned to trust ANTS communications. Any follow-on SMS, voice, or email traffic claiming to originate from the agency should be treated as hostile until verified out of band.