ANTS Breach Confirmed After Security Incident Hits France’s Identity Portal

France has confirmed an ANTS breach after a security incident hit the government portal tied to identity documents, passports, driving licenses, and other official title-related services. According to the Ministry of the Interior, the incident was detected on April 15, 2026, and may involve the disclosure of data from both private and professional accounts on ants.gouv.fr.

That already makes this a serious government data breach. ANTS, now also operating under the France Titres name, is not some small public-facing service with a narrow audience. It sits in the middle of official identity and title administration across France, which means even a limited breach tied to the portal immediately carries more weight than the average account leak.

The official notice says the exposed data may include login identifiers, civil status information, names, first names, email addresses, dates of birth, and a unique account identifier. It also says some accounts may include other data that is not always present, such as a postal address, place of birth, or phone number. A notification letter circulating online and attributed to France Titres points to additional exposure on some professional accounts, including company name, SIREN, portal ID, accreditation or approval numbers, account identifiers, and contact details. Even the narrower official version of the breach is not small.

The French government is also trying to draw a boundary around what was not exposed. According to the ministry, the incident does not concern supporting documents uploaded as part of user procedures, and the disclosed data should not allow direct illegitimate access to ANTS portal accounts. That helps, but it does not clean this up. A breach involving names, birth data, email addresses, account identifiers, and in some cases postal addresses and phone numbers is still more than enough to support phishing, impersonation, and other identity-linked abuse, especially when the service involved is tied to state-issued documents.

That is one reason the sale claims around the ANTS breach spread so quickly. A forum post circulating online claims the stolen database contains around 18 million records, with other posts pushing that number toward 19 million. Those claims describe a broader set of exposed fields, including full legal names, multiple given names, maiden or usage names, personal email addresses, verified mobile numbers, full street addresses, detailed birth data, internal usernames, and account certification status. If that full claim is accurate, the breach would be much worse than the current official public framing. The problem is that France has not confirmed that number.

That distinction needs to stay clear. The ANTS breach is confirmed. The broader 18 to 19 million record claim is not. Right now, the public is looking at two layers of the same story. The first is official and already serious on its own. The second is the much larger sale claim circulating in screenshots and posts. That second layer may turn out to be accurate, partly accurate, or inflated. Until the authorities say more, the safer line is that the breach is real, the service involved is highly sensitive, and the final scale is still unresolved.

The official warning already tells people what kind of fallout the authorities are worried about. Affected users are being told to be extra vigilant about calls and emails they may receive. That is a very direct signal. Once a government service starts warning users about incoming contact attempts after a breach, the concern is no longer abstract. It means the data that may now be outside the system is useful enough to support fraud attempts, phishing messages, impersonation, and other social engineering aimed at people who trust official-looking communications.

That risk is easy to understand in a case like this. A fake message about a passport, a driving license file, an identity renewal, a missing document, an account problem, or a request to verify information becomes much more convincing once an attacker has real names, dates of birth, account identifiers, contact details, or professional portal information to work with. The service itself gives the scam its credibility.

The French authorities are still being careful with their wording. The ministry says technical investigations are ongoing and are meant to determine the precise origin and full extent of the incident. CNIL was notified under GDPR rules. A report was sent to the Paris public prosecutor. ANSSI was alerted. Security measures were reinforced to maintain continuity of service and strengthen protection around the portal while the investigation continues. All of that shows the state is treating the incident seriously. It also shows there are still important parts of the story the public does not have yet.

That gap is what keeps the ANTS breach from feeling settled. France has confirmed the incident. France has confirmed that account-linked data may have been disclosed. France has not publicly confirmed the larger 18 to 19 million figure being pushed in sale claims. The breach is real. The final scope still is not.

Anyone with an ANTS or France Titres account should treat unexpected calls, emails, and account-related messages with much more suspicion than usual for the time being, especially if the contact mentions identity documents, passport renewal, license status, account verification, or missing information. The official version of the breach already includes enough personal data to support convincing fraud attempts.

The ANTS breach is no longer just a screenshot attached to a sale post. France has confirmed that the incident happened. What remains open is how large it is, how much data actually left the portal, and whether the much louder claims now circulating online turn out to reflect the real size of the breach or only the noisiest version of it.