French authorities on Wednesday announced a “malicious actor” had illegally accessed a portion of the country’s National Bank Accounts File (FICOBA) recording all bank accounts in the country.

The sensitive government database holds data on more than 80 million individuals, according to the CNIL, France’s data protection authority. In an email to Recorded Future News, a spokesperson for the French government said potentially 1.2 million accounts of more than 300 million were impacted by the incident.

The system is operated by the Directorate General of Public Finances (DGFiP), which said the hacker impersonated a civil servant “whose credentials allowed access as part of interministerial information exchanges” to query part of the FICOBA database.

That database “lists all bank accounts opened in French banking institutions” and contains a range of personal data, including account numbers, names, address and, in some cases, tax identification numbers.

“The Ficoba file is a list of bank account details, but it does not provide access to the accounts themselves, nor to account balances, nor to transactions,” a DGFiP spokesperson said.

It is widely used by tax, customs and law enforcement agencies for fraud detection, tax enforcement and judicial investigations, according to the French authorities.

The malicious activity began in late January and was detected internally, triggering measures that limited the amount of exposed data, according to the DGFiP statement.

DGFiP said affected individuals will be notified directly by Monday at the latest and that banks have been alerted to warn customers about potential follow-on fraud and phishing attempts.

Cybersecurity teams from the finance ministry and France’s national cybersecurity agency, ANSSI, are assisting with the investigation and the broader effort to harden the system against further compromise.

The disclosure comes as European governments face sustained pressure to improve the security of large, centralized administrative databases, which have become high-value targets for cybercriminals and espionage-linked actors seeking both financial data and identity information.

In its November report, the EU’s cybersecurity agency ENISA warned that public administration “represents a high-value target for state-nexus intrusion sets mainly due to the strategic value of data collection, for economic or defence purposes.”

No attribution has yet been made in this incident.