Wedoany.com Report on Feb 24th, The French Ministry of Finance recently disclosed that the country's official bank account registration system, FICOBA, experienced an unauthorized access incident in late January 2026, putting sensitive information of approximately 1.2 million bank accounts at risk of leakage. This intrusion did not exploit a software vulnerability; instead, attackers bypassed traditional security controls by using stolen civil servant credentials to gain illegal access to the system. This incident once again sounds the alarm on data security, highlighting the critical role of internal credential management within the overall data security framework.

The General Directorate of Public Finances stated in a declaration that the attackers "were able to consult a portion of this file listing all bank accounts opened in French banking institutions, which contains personal data: bank details (RIB/IBAN), holder identity, address, and in some cases the user's tax identifier." The statement emphasized that the FICOBA registry itself does not store transaction records or account balances, but the key identity and account identification information it contains remains highly sensitive. Relevant authorities have activated emergency response mechanisms for the data security incident.

FICOBA is directly operated by the French tax authorities and is primarily used to track the account holders and geographical locations of bank accounts within the country. It is a crucial infrastructure for financial supervision and tax enforcement. Although the leaked data does not involve fund movement records, the combination of account holder identity, address, bank account number, and tax identifier could still be used for targeted phishing, identity theft, or social engineering attacks.

After detecting the anomalous access, authorities quickly took measures to restrict system permissions, but the risk that the data may have already been disseminated cannot be entirely ruled out. As a preventive measure, the FICOBA registry has been temporarily taken offline, with no clear timeline for restoration. The French National Commission on Informatics and Liberty has launched an investigation to conduct a technical assessment of the incident's scope and provide guidance on subsequent data security protection measures.

The tax authorities, in collaboration with the Ministry of Finance and the national cybersecurity agency, are comprehensively strengthening access control policies and credential security reviews to facilitate the system's return to secure operations as soon as possible. This incident once again proves that, even in the absence of technical vulnerabilities, the misuse of legitimate credentials can pose a significant threat to critical information infrastructure. Effective identity governance, behavior monitoring, and the deployment of zero-trust architectures have become crucial for preventing such identity-driven risks and fortifying data security defenses.