French Government Agency ANTS Detects Security Incident, Citizen Data Potentially Exposed
On April 15, 2026, the Agence Nationale des Titres Sécurisés (ANTS), a French government agency responsible for administrative documents, detected a security incident. A threat actor, 'breach3d', later claimed the attack on hacker forums, alleging to possess up to 19 million records containing citizen data, including login IDs, full names, email addresses, dates of birth, unique account identifiers, and potentially postal addresses and phone numbers. ANTS confirmed the incident and is notifying affected individuals.
Signal context
First seen: Apr 15, 2026
Last updated: Jun 25, 2026
Status: Public signal
Key points
- Security incident detected on April 15, 2026.
- Threat actor 'breach3d' claimed responsibility and offered to sell 19 million records.
- Potentially exposed data includes login IDs, names, email addresses, dates of birth, and contact information.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Public Administration
Likely country: 🇫🇷 France
inferred from company domain
Watch internet-facing systems, credential abuse and exploit activity.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 2 signals in the same sector
- 95 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Major Data Breach at France Titres Exposes Personal Information of Millions of Citizenshttps://www.cybersecurity-insiders.com/major-data-breach-at-france-titres-exposes-personal-information-of-millions-of-citizens/Public source from cybersecurity-insiders.com.
Cyberattack on French government agency triggers phishing alerthttps://www.helpnetsecurity.com/2026/04/22/france-titres-online-portal-data-breach/Public source from helpnetsecurity.com.
French govt agency confirms breach as hacker offers to sell data - Bleeping Computerhttps://www.bleepingcomputer.com/news/security/french-govt-agency-confirms-breach-as-hacker-offers-to-sell-data/Public source from bleepingcomputer.com.
Agence Nationale des Titres Sécurisés (2026-04-15) Cyber-Attack Hack Breach - The Cyber Security Incident Database (CSIDB)https://csidb.org/incidents/agence-nationale-des-titres-securises-2026-04-15-cyber-attack-hack-breach/Public source from csidb.org.
Related signals
Grouped by why the signal is relevant.
CISA Contractor Nightwing Exposed Sensitive Government Credentials on Public GitHub
A public GitHub repository named 'Private-CISA', maintained by a contractor from Nightwing, a government defense contractor, was found to have exposed highly sensitive internal credentials and systems used by the US Cybersecurity and Infrastructure Security Agency (CISA). The repository, publicly accessible from November 13, 2025, until May 18, 2026, contained 844 MB of CISA's internal DevSecOps infrastructure, including administrative credentials for AWS GovCloud accounts, plaintext usernames and passwords for internal CISA systems, SSH keys, and an RSA private key. The contractor reportedly disabled GitHub's default secret-scanning push protections. Public reporting and analysis of the exposure occurred around May 18-29, 2026.
Snyk Affected by Klue Supply Chain Data Breach
Developer security platform Snyk was impacted by the Klue supply chain attack, which led to unauthorized access to customer data within Salesforce environments. The attack leveraged compromised OAuth tokens from the Klue platform.
Jamf Customer Data Exposed in Klue Supply Chain Attack
Jamf, a provider of Apple device management solutions, was impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data stored in Salesforce instances, stemming from compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.
Sprout Social Data Compromised in Klue Supply Chain Attack
Sprout Social, a social media management platform, was among the companies affected by the Klue supply chain attack. The incident led to unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.
Gong Customer Data Exposed in Klue Supply Chain Attack
Gong, a revenue intelligence platform, was among the organizations impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform. The Icarus extortion group claimed responsibility for the attack.
OneTrust Customer Data Exposed in Klue Supply Chain Attack
OneTrust, a privacy, security, and governance technology company, was among the organizations affected by the Klue supply chain attack. The incident involved unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform.