- Hackers breached France’s FICOBA registry and stole data on 1.2 million bank accounts
- Exposed details include IBANs, addresses and taxpayer IDs, enabling SEPA debit fraud
- Authorities took FICOBA offline, restored access, and are notifying affected users
The French National Register of Bank Accounts (FICOBA), a government body that manages a register of all bank accounts in France, has suffered an attack in which hackers obtained information on 1.2 million user accounts, including some quite sensitive data that could be exploited in subsequent cyber attacks and fraud campaigns.
The news was confirmed by the French Ministry of Finance, which said login details were stolen from a government official and used to access a database containing all bank accounts opened in French banking institutions.
From there, the unidentified criminals took data from 1.2 million user accounts, including bank account details (RIBs and IBANs), account holder identities, postal addresses and, in some cases, taxpayer identification numbers.
Not purely theoretical
Although this information can be used in all kinds of fraudulent activities, perhaps the most concerning is SEPA direct debit fraud.
In the Single Euro Payments Area (SEPA) system (of which France is a part), knowing someone else’s IBAN can allow a fraudster to initiate unauthorized direct debit mandates with certain merchants. Banks can reverse fraudulent charges, but victims will nonetheless experience financial loss and possible administrative burdens.
This is not a theoretical risk either Bleeping Computer notes, banks were already notified of several email and SMS campaigns circulating, attempting to steal data or money directly from recipients.
French citizens and bank customers are advised to be vigilant, not to respond to these emails and to contact their bank directly with questions. We do not know how successful these campaigns have been.
After discovering the attack, French authorities restricted access and pulled FICOBA offline. Since then it has been restored and is currently operating as normal. Users affected by this attack are currently being notified one by one.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
