A hacker accessed data from 1.2 million French bank accounts using stolen credentials belonging to a government official, according to the French Economy Ministry. The breach involved a national bank account database and allowed the attacker to consult information such as account numbers, names, addresses and, in certain cases, the account owner’s tax number, but did not reveal balances or transactions.
Since the end of January, the attacker reportedly used the stolen credentials to access and view parts of the file of all accounts opened in French banks. After detecting the intrusion, authorities said the threat actor was blocked and there was an effort to prevent data from being removed. The Economy Ministry has filed a criminal complaint and notified CNIL, France’s data protection authority, while stating that it remains unclear whether the attacker is a nation-state actor or a cybercriminal.