France arrests 15-year-old hacker who stole data of 11.7 million people

French authorities have detained a 15-year-old suspect in connection with the recent ANTS data breach, which exposed millions of sensitive user records on cybercrime forums.

According to a statement published earlier today by Paris public prosecutor Laure Beccuau, the minor was taken into custody on April 25 on suspicion of contributing to the compromise of systems belonging to the Agence nationale des titres sécurisés (ANTS), also known as France Titres. Investigators believe the suspect operated under the alias “breach3d,” the same handle used to advertise a database containing between 12 and 18 million records on underground forums earlier this month.

The breach first came to light on April 13, when ANTS detected unusual activity on its network. Shortly after, data samples began circulating in cybercriminal communities, with the threat actor claiming possession of a large dataset containing personally identifiable information (PII). French cybercrime authorities were alerted in April and began coordinating an investigation. By April 16, the cybercrime unit of the Paris prosecutor’s office had formally opened a case, citing unauthorized access, persistence within a state data processing system, and fraudulent data extraction.

ANTS is a key government agency in France, responsible for issuing and managing official documents such as national ID cards, passports, driver’s licenses, and vehicle registration certificates. The platform ants.gouv.fr serves millions of French citizens and businesses, making it a high-value target for attackers seeking identity data. Initial assessments indicate that approximately 11.7 million user accounts may have been affected, with exposed data including names, email addresses, dates of birth, and account identifiers. In some cases, additional details such as postal addresses, phone numbers, and places of birth may also have been included.

Authorities have emphasized that more sensitive materials, such as uploaded documents or biometric data, were not compromised. However, the scale and nature of the exposed information raise concerns about phishing, identity theft, and social engineering attacks.

The suspect now faces serious charges, including unauthorized access and maintenance within a state-operated automated data system, as well as extraction and handling of stolen data. These offenses carry penalties of up to seven years in prison and fines of €300,000 under French law.

The incident also triggered notifications to France’s data protection authority (CNIL) and prompted involvement from ANSSI, the national cybersecurity agency. Meanwhile, the Ministry of the Interior has launched an administrative review to determine accountability and assess systemic weaknesses.

For impacted users, ANTS has advised resetting account passwords and remaining vigilant against suspicious communications, particularly messages impersonating official agencies.