Teen Hacker: Inside the French Government Agency Data Breach

Authorities in France have taken a 15-year-old into custody on suspicion of selling data that was stolen during a cyberattack on France Titres (ANTS), the country’s agency responsible for issuing and managing administrative documents.

The breach was confirmed by the government agency, with data being offered for sale on a cybercriminal forum by an individual using the alias ‘breach3d’.

On April 13, ANTS detected unusual activity on its network and reported the incident to authorities on April 16, according to the Paris Prosecutor’s Office.

Following an investigation, authorities believe that the 15-year-old suspect operated under the pseudonym ‘breach3d’ and attempted to sell between 12 and 18 million records stolen in the ANTS data breach.

The minor is facing charges for unauthorized access, persistence, and data exfiltration from a state-run automated personal data processing system, as well as for possession of software enabling these offenses.

If convicted, the minor could face up to seven years in prison and a fine of EUR 300,000, as stated in a press release by the Paris Prosecutor’s Office.

A judge is currently overseeing the case, with prosecutors seeking formal charges and requesting that the minor be placed under judicial supervision based on the evidence gathered.

Personal information exposed

ANTS revealed on April 20 that a threat actor had breached its systems and accessed data from individual and professional accounts on the ants.gouv.fr portal.

The agency identified compromised data types such as full names, email addresses, dates of birth, postal addresses, and phone numbers.

Following a claim by a threat actor that up to 19 million records were stolen in the attack, ANTS confirmed that 11.7 million accounts were affected, and the stolen data was not usable for unauthorized access.

Pending the decision of the investigating judge, the 15-year-old suspect has not yet been formally charged.