France’s critical FICOBA database breached: 1.2 million bank accounts accessed via single official’s credentials

France’s Ministry of Economy has confirmed that a hacker accessed data linked to 1.2 million bank accounts in the state-run FICOBA database using stolen credentials from a single government official. While no funds were compromised, experts warn of significant phishing and fraud risks.

According to French media reports, the attacker used stolen login credentials belonging to a government employee to consult parts of the FICOBA database — the centralized registry of all bank accounts opened in France. The exposed data reportedly includes account holder names, addresses, IBAN numbers, and in some cases, tax identification numbers.

• Preliminary findings indicate that multi-factor authentication (MFA) was not enabled on the compromised account, significantly lowering the barrier for unauthorized access. The absence of an additional authentication layer appears to have been a critical weakness.

• FICOBA (Fichier des Comptes Bancaires et Assimilés) is one of France’s most sensitive financial systems. It allows tax authorities and other government bodies to monitor banking relationships and combat financial crimes, including money laundering.

• Officials stress that the attacker did not gain access to account balances or transaction histories and could not modify or delete records. The unauthorized access was reportedly blocked once detected.

However, cybersecurity researchers warn that even without access to financial transactions, the exposure of personally identifiable information and tax identifiers presents serious risks. Such data can be combined with other leaks to craft highly targeted phishing campaigns impersonating banks or government institutions, increasing the likelihood of fraud and identity theft.

The breach comes amid a broader wave of cyber incidents in France, including large-scale data leaks affecting France Travail and other government entities.

France has faced a series of attacks targeting public institutions and critical infrastructure in recent months. Experts increasingly point to systemic weaknesses, including underinvestment in modern cybersecurity controls such as mandatory multi-factor authentication and strict access segmentation.

The FICOBA incident illustrates how a single compromised account can open the door to massive data exposure at a national scale.

The FICOBA breach highlights how fundamental access control failures can undermine critical financial infrastructure. Even in the absence of direct financial losses, the exposure of personal and tax data may fuel large-scale phishing, fraud, and identity theft campaigns in the near future.