France Titres, a French government agency, has disclosed a data breach that may have exposed user data from its online portal.
France Titres, also known as the Agence nationale des titres sécurisés (ANTS), operates under the French Ministry of the Interior and manages systems for official identity and registration documents, including driver’s licences, national ID cards, passports, and immigration documents.
According to the agency, the incident was detected on Wednesday, April 15, and remains under investigation, with multiple data types potentially exposed for an undisclosed number of individuals.
Exposed data may include login ID, name, email address, date of birth, and a unique account identifier, with some records also containing postal address, place of birth, and telephone number. ANTS confirmed that affected individuals have already been notified.
“The disclosure of data does not include additional data submitted during the various procedures, such as attachments. This personal data does not allow unauthorized access to the portal account,” ANTS said in the announcement.
Despite this, the agency advises caution against potential phishing attempts.
“No action is required from users. However, we recommend that they exercise extreme caution regarding any suspicious or unusual messages they may receive (SMS, calls, emails, etc.) that appear to originate from ANTS.”
ANTS notified the CNIL, France’s data protection regulator, as required under GDPR. It also reported the incident to the Paris public prosecutor to open a criminal investigation and informed the ANSSI, the country’s national cybersecurity authority.
The agency stated that it has implemented additional security measures to maintain portal operations and protect user data. It warned that any sale or distribution of the data is illegal.
