French Ministry of Economy and Finance Announces Data Breach Affecting 1.2 Million Bank Accounts

Unauthorized Access to National Bank Account Database

The French Ministry of Economy and Finance confirmed on Wednesday, February 18, 2026, that a significant data breach has compromised approximately 1.2 million bank accounts within a national database. The ministry stated that a 'malicious actor' gained illegal access to the sensitive information by utilizing stolen credentials belonging to an official.

Investigations conducted by the Public Finances Directorate General (DGFiP) revealed that the unauthorized access began in late January 2026. The affected system is identified as the FICOBA (Fichier des comptes bancaires et assimilés) database, which centralizes information on all bank accounts opened with financial institutions across France.

Compromised Data and Official Response

The data accessed by the malicious actor includes various personal details associated with the bank accounts. According to the Ministry, the compromised information encompasses:

• Bank details
• Account holder's identity
• Address
• In certain cases, the user's tax identification number

However, the Ministry has assured the public that account balances were not consulted during the intrusion. Upon detection of the breach, authorities promptly implemented measures to restrict access, halt the intrusion, limit the amount of data consulted or extracted, and prevent any further unauthorized access.

Measures Taken and Public Advisory

In response to the incident, the French Ministry of Economy and Finance has taken several steps. Banking institutions have been officially informed about the breach and have been urged to advise their clients to exercise heightened vigilance regarding potential fraudulent communications. The incident has also been reported to the French Data Protection Authority (CNIL), and a formal complaint has been filed.

Authorities have issued warnings that the exposure of this information could be exploited for various illicit activities, including identity theft, phishing, and other financial scams. Affected individuals are expected to be notified individually about the breach.