France’s Ministry of Economy on Wednesday disclosed a breach that exposed information on 1.2 million bank accounts.
Investigators discovered unauthorized access to the national bank account registry FICOBA.
The ministry stated on its website that a threat actor stole credentials belonging to an official and used them to access the database storing information on all bank accounts opened in France.
The breach occurred in late January and impacted 1.2 million accounts, exposing IBANs, account holder names, addresses, and in some cases tax identifiers.
The attacker’s access has been terminated and impacted individuals are being notified.
Officials said the attacker would not have been able to conduct banking operations or even view account balances.
Nevertheless, individuals have been warned of potential scams and phishing attempts.
Michael Jepson, penetration testing manager at CybaVerse, commented, “If individual members of an organisation can access large volumes of sensitive data unilaterally, this creates a structural weakness where a single set of compromised credentials can lead to widespread data exposure. Any policy that allows broad access to sensitive systems via a single identity, without additional safeguards, introduces significant risk.”
“Traditionally, access scope often increased with seniority, an approach that is now widely recognised as problematic in modern threat environments,” Jepson said via email.
“Modern security practice recognises that access should be determined strictly by operational need rather than hierarchy. Senior figures are frequently primary targets for threat actors, which makes excessive privilege particularly dangerous,” he added.

