Data Breach · Financial Services / Government · France · February 2026

FICOBA (French National Bank Account Registry)

Analysis of the FICOBA breach exposing 1.2 million French bank account records from the national registry.

Records Affected

1.2 million bank account records

Attack Type

Data Breach

Location

France

Data types exposed

Bank account numbers, account holder names, addresses, tax identification numbers

What Happened

In late January 2026, it was reported that 1.2 million records from FICOBA, the French national bank account registry maintained by France's tax authority DGFiP, had been exposed.
The compromised data includes sensitive bank records linking individuals to their bank accounts, creating direct implications for financial fraud and tax-related identity theft.

Timeline

  • Late January 2026 — Stolen civil servant credentials used to query FICOBA database, extracting 1.2 million records
  • February 18, 2026 — Incident publicly disclosed
  • February 2026 — Credentials revoked; CNIL and ANSSI engaged in response

Impact and Risk Assessment

For Individuals

1.2 million bank account records were exposed, linking individuals to their bank account numbers and tax identification numbers.
The data enables direct debit fraud, as bank account numbers can be used to set up unauthorised direct debit mandates in some European payment systems.
Tax identification numbers combined with bank details create a comprehensive financial identity profile that is difficult to change.

For Organisations

French financial institutions may face increased fraud attempts using the exposed bank account and identity data.
The DGFiP faces scrutiny over access controls and credential management for systems holding national financial data.

Regulatory Context

CNIL (France's data protection authority) has been notified. ANSSI (France's national cybersecurity agency) is working to restore the system with enhanced security.
GDPR applies, with potential fines for inadequate access controls on a national financial registry.

What Should You Do?

For Individuals

  • If you hold a French bank account, monitor your account statements for unauthorised direct debit transactions.
  • Contact your bank to review and restrict direct debit authorisations on your account.
  • Be alert to phishing attempts that reference your banking or tax details.

For Security Professionals

  • National financial registries require the highest levels of access control, including privileged access management, session monitoring, and query-level auditing.
  • Stolen credentials of authorised users remain one of the most effective ways to bypass perimeter security. Implement behavioural analytics to detect anomalous query patterns.
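
One way to implement the query-pattern check described above, as an added example that is not from the original advisory or from any DGFiP system. It compares each account's daily record volume with that account's own history, since a stolen but valid login passes authentication and only its behaviour stands out. The log fields, account names and thresholds are assumptions, and the sample events are constructed.

```python
import statistics
from collections import defaultdict

def daily_volume(events):
    """Sum records returned per account per calendar day."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, user, n in events:          # ts is ISO 8601, e.g. 2026-01-12T10:00:00
        totals[user][ts[:10]] += n
    return totals

def flag_anomalies(events, min_history=5, k=6.0, floor=50, hard_cap=5000):
    """Return (user, day, volume) where volume exceeds the account's own
    robust baseline (median + k * MAD of earlier days, never below `floor`).
    `hard_cap` covers accounts with too little history to build a baseline."""
    alerts = []
    for user, days in daily_volume(events).items():
        history = []
        for day in sorted(days):
            vol = days[day]
            limit = hard_cap            # cold start: only the absolute ceiling
            if len(history) >= min_history:
                med = statistics.median(history)
                mad = statistics.median([abs(v - med) for v in history]) or 1.0
                limit = min(hard_cap, max(floor, med + k * mad))
            if vol > limit:
                alerts.append((user, day, vol))
            else:
                history.append(vol)     # outliers never enter the baseline
    return alerts

def constructed_events():
    """Constructed audit rows (hypothetical accounts, not real registry data)."""
    events = []
    for d in range(12, 24):
        day = f"2026-01-{d:02d}"
        events += [(f"{day}T10:00:00", "agent_a", 20 + d % 3),
                   (f"{day}T11:00:00", "agent_b", 35 + d % 5)]
    # Same account, same valid login, but a volume far outside its baseline.
    events.append(("2026-01-26T02:14:00", "agent_b", 40000))
    events.append(("2026-01-26T10:00:00", "agent_a", 22))
    return events

if __name__ == "__main__":
    print(flag_anomalies(constructed_events()))
```
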

Learnings and Recommendations

National financial registry data represents some of the most sensitive information a government holds. The exposure of bank account linkages enables financial fraud at a systemic level.
Government agencies holding critical financial infrastructure data should apply the highest levels of access control and monitoring.
This advisory summarises a publicly reported cybersecurity incident for educational purposes. Information is sourced from publicly available reports and may include claims that are unverified or disputed. Inclusion does not imply fault or negligence by the affected organisation.