• France’s Ministry of Economy on Wednesday disclosed a breach that exposed information on 1.2 million bank accounts.Investigators discovered unauthorized access to the national bank account registry FICOBA.The ministrystatedon its website that a threat actor stole credentials belonging to an official and used them to access the database storing information on all bank accounts opened in France.The breach occurred in late January and impacted 1.2 million accounts, including IBANs, account holder names, addresses, and in some cases tax identifiers.The attacker’s access has been terminated and impacted individuals are being notified.Officials said the attacker would not have been able to conduct banking operations or even view account balances.Advertisement. • Scroll to continue reading.Nevertheless, individuals have been warned of potential scams and phishing attempts.Michael Jepson, penetration testing manager at CybaVerse, commented, “If individual members of an organisation can access large volumes of sensitive data unilaterally, this creates a structural weakness where a single set of compromised credentials can lead to widespread data exposure. • Any policy that allows broad access to sensitive systems via a single identity, without additional safeguards, introduces significant risk.““Traditionally, access scope often increased with seniority, an approach that is now widely recognised as problematic in modern threat environments,” Jepson said via email.“Modern security practice recognises that access should be determined strictly by operational need rather than hierarchy. • Senior figures are frequently primary targets for threat actors, which makes excessive privilege particularly dangerous,” he added.Related:Cyberattack Disrupts France’s Postal Service and Banking During Christmas RushRelated:Data Stolen in Eurofiber France HackRelated:Feds Seize Password Database Used in Massive Bank Account Takeover Scheme Investigators discovered unauthorized access to the national

Article Summaries:

  • France’s Ministry of Economy announced that a cyber‑breach exposed data on 1.2 million bank accounts in the national registry, FICOBA. Investigators found that a threat actor had stolen credentials belonging to a government official and used them to access the database in late January. The compromised data included IBANs, account holder names, addresses and, for some, tax identifiers. Access was terminated and affected individuals notified; the attacker could not perform banking transactions or view balances. Officials warned of potential phishing scams. Cyber‑security expert Michael Jepson highlighted the risk of broad, privilege‑based access and urged tighter, need‑based controls.

Sources: