The cyberattack which targeted the National Agency for Secure Titles took a major legal turn. A 15-year-old teenager, suspected of being the “breach3d” hacker behind the ANTS data leak, was arrested and then presented to investigating judges in Paris.
The security incident, detected on April 15, 2026 on the France Titles portal, concerns, depending on the State, between 11.7 and 12 million user accounts. ANTS manages identity cards, passports, driving licenses and registration cards: suffice to say that this affair touches the heart of administrative procedures, while raising serious questions about the cybersecurity of online public services.
ANTS data leak: what exactly are we blaming the 15-year-old minor for?
Arrested on April 25, the young suspect was placed under judicial supervision after his presentation to investigating judges. According to Paris prosecutor Laure Beccuau, he is targeted for several breaches of an automated personal data processing system implemented by the State. These offenses can be punished by up to seven years in prison and a fine of 300,000 euros.
Investigators suspect him of being “breach3d”, the pseudonym under which between 12 and 18 million lines of data from ANTS were offered for sale on hacker forums. The investigation, carried out by the Anti-Cybercrime Office, must still clarify whether he acted alone and trace in detail the methods used. The minor remains presumed innocent as long as no conviction has been handed down.
ANTS hacking: what data was leaked and what risks for the French?
The stolen information includes login ID, first name, last name, date of birth, email address and a unique account identifier, sometimes supplemented by postal address, telephone number and place of birth. The authorities assure that neither the supporting documents submitted nor the biometric data have been affected.
Concretely, the first risk is very credible phishing. Using your name, date of birth and email, scammers can create fake ANTS or France Titles messages claiming to correct your identity card or license to trick you into clicking on a link or giving other data. These elements can also fuel identity theft attempts to open online accounts or facilitate administrative fraud. Urgent emails asking to pay a tax or validate a document should ring a bell.
ANTS cyberattack: what consequences for the investigation and state cybersecurity?
According to several sources, the attack exploited an IDOR type vulnerability, which allows access to other people’s data by modifying an identifier in a poorly controlled request. This type of flaw is however well known to specialists and had already been reported around ANTS. Matignon speaks of “a deeper and less visible threat” against state action and has referred the matter to the General Inspectorate of Administration as well as the CNIL. It remains to be seen whether this shock will lead to a real leap in the security of public digital services.