On April 30, 2026, Paris prosecutors disclosed that a 15-year-old detained on April 25, 2026 faces charges over the breach of France’s National Agency for Secure Documents (ANTS), which exposed 11.7 million accounts, according to ANTS.
Quick Summary – TLDR:
- The April 30, 2026 prosecutor disclosure follows an April 25, 2026 arrest in which the suspect allegedly operated under the alias “breach3d” and listed between 12 and 18 million lines of stolen data on cybercriminal forums.
- Exposed data categories include names, dates of birth, email addresses, postal addresses, phone numbers, and unique account identifiers from the ants.gouv.fr portal, according to ANTS.
- Paris prosecutor Laure Beccuau requested an examination hearing and judicial supervision for the suspect; the charges carry up to 7 years in prison and a 300,000 euro fine, per French cybercrime law.
- ANTS detected the intrusion on April 15, 2026 and confirmed the scale on April 24, 2026, per ANTS, notifying France’s CNIL data protection authority and ANSSI cybersecurity agency.
What Happened?
The 15-year-old was taken into police custody on April 25, 2026, suspected of being behind the alias breach3d, a hacker who had put up for sale between 12 and 18 million lines of stolen data on cybercriminal forums. Paris prosecutor Laure Beccuau, Republic Prosecutor at Paris Court of Grande Instance, confirmed the arrest.
The suspect faces charges of unauthorized access, maintaining access, data extraction, data transmission, and possessing cyber intrusion tools targeting an automated personal data processing system implemented by the State. These offenses carry penalties of up to 7 years in prison and a fine of up to 300,000 euros.
The threat actor operating under the alias breach3d appeared on criminal forums on April 16 advertising the stolen data for sale. The French Interior Ministry confirmed on April 20, 2026 that ANTS detected a security incident on April 15, 2026 that may involve the disclosure of data from individual and professional accounts on the ants.gouv.fr portal. The breach disclosure timeline spanned five days from detection to public announcement.
Timeline of events:
- April 13, 2026: ANTS detects unusual network activity.
- April 15, 2026: Security incident formally identified.
- April 16, 2026: breach3d lists stolen data on criminal forums.
- April 20, 2026: French Interior Ministry publicly discloses breach.
- April 24, 2026: ANTS confirms 11.7 million accounts impacted.
- April 25, 2026: 15-year-old suspect placed in police custody.
- April 30, 2026: Paris prosecutor publicly confirms charges and judicial supervision.
Scope of the Data Breach
ANTS published an update on April 24, 2026 in which the agency confirmed that 11.7 million accounts were impacted by the breach. The threat actor claimed as many as 19 million records, and the discrepancy likely reflects the total size of the database accessed, including records that may not correspond to active accounts.
The exposed data includes login identifier, title (civilité), surname, first names, email address, date of birth, and unique account identifier. In certain cases, additional data not consistently present in all accounts may also be affected, including postal address, place of birth, and telephone number.
Documents uploaded during administrative procedures, such as application attachments, were not included in the data breach. ANTS emphasized that exposed information does not allow unauthorized access to its electronic portals but warned of phishing and social engineering risks.
The incident was notified to the CNIL in accordance with GDPR requirements, and a report was transmitted to the Paris Public Prosecutor to open a criminal investigation. The OFAC, France’s anti-cybercrime office, has been brought in to lead the technical investigation.
France’s Wave of Young Hacker Arrests
French authorities have detained three suspects aged 15 to 21 in cybersecurity attack cases within the first four months of 2026.
In January 2026, police arrested an 18-year-old suspected of leaking and reselling personal data belonging to more than one million members of the French Shooting Federation, known as FFTir. Criminals subsequently started using the leaked member data as a roadmap for burglary and firearm theft.
A 21-year-old suspected of conducting approximately 100 data breaches since late 2025 was arrested at his home in western France on April 20, 2026. The suspect, known online as HexDex, is accused of targeting a wide array of entities including 15 French sports federations, the Ministry of Education, the national firearm owner database SIA, and the police training platform e-campus.
Officials claim that HexDex is not responsible for the separate cyberattack on the ANTS portal.
Implications for Government Cybersecurity
ANTS processes applications for passports, national identity cards, residence permits, and driver’s licenses. The agency also oversees a government social media age-verification app, meaning the compromised portal sits at the center of France’s cybersecurity threat landscape.
The ANTS portal underwent maintenance to implement enhanced security measures following the breach. ANTS confirmed the data put up for sale was authentic and told police it had detected unusual activity on its network on April 13. The seven-day gap between April 13 and the public disclosure on April 20 raises questions about GDPR Article 33’s 72-hour notification rule.
SQ Magazine’s Takeaway
SQ Magazine’s reading of the breach3d arrest centers on scale and pattern. A single teenager allegedly accessed 11.7 million identity records from a portal that manages passports, national IDs, and driver’s licenses. Three suspects aged 15 to 21 collectively compromised government agencies, sports federations, and educational platforms in four months.
Affected users should monitor for phishing attempts exploiting the stolen personal data, particularly emails referencing passport or identity card renewals. The CNIL investigation could result in GDPR enforcement action, and the judicial proceedings will test France’s juvenile cybercrime framework.