France’s Ministry of Finance has confirmed a significant cyberattack on the national bank account registry, known as FICOBA. The breach, which occurred over recent weeks, resulted in unauthorized access to personal data linked to approximately 1.2 million bank accounts.
How the Breach Happened
According to a statement from Bercy, the finance ministry, a malicious actor gained access by impersonating a civil servant. Starting in late January 2026, the attacker used stolen credentials to infiltrate the FICOBA system. This registry contains a comprehensive list of all bank accounts opened in French financial institutions and holds sensitive personal data.
The compromised information includes:
- Bank account details (RIB/IBAN)
- Account holder identity
- Home address
- In some cases, the user’s tax identification number
Immediate Response and Ongoing Risks
The ministry stated that immediate access restriction measures were implemented upon detecting the incident to stop the attack and limit data extraction. Work is underway to restore the service with enhanced security protections.
Affected individuals will receive direct notification in the coming days. The French Banking Federation (FBF) confirmed that banks will also inform their impacted customers.
While the FBF emphasized that the disclosed data—account number, name, and date of birth—is “not sufficient to make a transfer or card payment,” it warned of secondary risks. Criminals could use stolen IBANs to set up fraudulent direct debits or subscriptions.
Expert Advice for Consumers
The Observatory for the Security of Payment Means advises the public to take proactive steps to protect themselves:
- Regularly review and update the list of authorized and blocked creditors (“whitelist” and “blacklist”) in your online banking space.
- Closely monitor direct debit transactions on your account.
- Immediately dispute any unauthorized debit operation.
The FBF also reiterated fundamental security rules: never share your codes, identifiers, or passwords with anyone, including someone claiming to be from your bank. Customers should contact their bank immediately if they suspect fraudulent activity.
