French Ministry confirms data access to 1.2 Million bank accounts

A hacker accessed data from 1.2 million French bank accounts using stolen official credentials, the Economy Ministry said.

A hacker gained access to data from 1.2 million French bank accounts using stolen credentials belonging to a government official, according to the French Economy Ministry. French authorities said affected account holders will be notified in the coming days.

“The French Economy Ministry said on Wednesday, February 18, that a hacker gained access to a national bank account database and consulted information on 1.2 million accounts.” reports French daily newspaper LeMonde. “Since the end of January, the hacker used the stolen credentials of an official to access and consult “parts of the file of all of the accounts open in French banks and which contains personal data such as bank account numbers, name of the account holder, address and in certain cases the account owner’s tax number,” the ministry said in a statement.”

France’s Public Finances chief said the security breach did not allow access to account balances or transactions. After detecting the intrusion, the ministry immediately blocked the threat actor and acted to prevent any data from being removed.

Authorities filed a criminal complaint and notified the CNIL, France’s data protection authority, about the incident.

The Economy Ministry has not yet disclosed the hacker’s motivation. It remains unclear whether the attacker is a nation-state actor or a cybercriminal.

In December, a major cyber incident knocked offline the information systems at the French national postal service La Poste. The attack disrupted digital banking and online services for millions of customers.

The outage followed another cyberattack on France’s Interior Ministry, where a suspected hacker accessed sensitive police data; a 22-year-old was detained. The French Interior Minister Laurent Nunez announced that threat actors compromised email servers at the Ministry of the Interior.

The attack was detected overnight between December 11 and 12, and according to the French interior minister, attackers gained access to some document files, though data theft remains unconfirmed.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, French bank accounts)