Data Breach Exposes 1.2 Million French Bank Accounts, Authorities Warn of Fraud Risks

On February 18, 2026, French authorities revealed a major security breach involving the national bank account file, Ficoba, which catalogs all bank accounts in France. Approximately 1.2 million accounts were compromised after a malicious actor illicitly accessed the database since late January by stealing the credentials of a government official, according to the Ministry of Economy and the General Directorate of Public Finances (DGFiP).

The sensitive data exposed includes bank account numbers (RIB/IBAN), identities of account holders, their addresses, and occasionally their tax identification details. While the breach did not give access to the money in accounts, this information can be exploited by cybercriminals to conduct unauthorized withdrawals by abusing subscription services or launching sophisticated phishing campaigns using victim details to appear legitimate.

The French tax authorities have stated that affected individuals will be notified through their banks in the upcoming days. Users are strongly advised to vigilantly monitor their bank statements for suspicious activities and remain cautious towards any unsolicited communications claiming to be from banks, especially those requesting sensitive information via email or phone, which legitimate banks do not do.

If fraudulent activity is detected, victims should promptly block transactions, retain evidence, and report incidents to the authorities. The breach raises significant concerns about the security of France's financial data systems and has sparked warnings about improving controls over bank authorizations and data protection across the sector.

This unprecedented breach of Ficoba—an essential database created to consolidate all types of French banking accounts including savings, securities, and safe-deposit boxes—reveals vulnerabilities that experts urge to address swiftly to prevent similar attacks in the future.