French government agency confirms breach as hacker offers to sell data

Zealotux

Great, now scammers can steal my identity directly from the government. I hope they release a tool to check if I'm impacted or at least email me about it.

loupol

I received the email telling me I am impacted today. Ironically it changes nothing for me as that same data had already been leaked by the French government agency that handles unemployment benefits a couple years ago. Silly me had not bothered deleting that account even after it was no longer necessary due to finding a new job.

ahigherugliness

19 millions de Français! Et moi, et moi, et moi.

rawgabbit

It seems to me we must move away from worrying about ransomware, data breach, data protection as that ship has already sailed and everyone's PII has already been stolen. We should think of how to verify people's identities online (for things like government benefits etc). I have heard of the Dutch and the Japanese using national digital identity systems although I am unclear how they work. India is doing biometrics. I am curious what the US will eventually land on.

hk__2

> the data stolen in the breach could include full names, dates and places of birth, mailing and email addresses, and phone numbers on an undisclosed number of citizens Nothing really new here sadly, this information about me have leaked half a dozen of times in the past 2-3 years or so. These things will never change if the only penalty the company/agency gets is "send a message to your users saying you are sorry and that it won’t happen again".

_the_inflator

I trust Google more than any government with my data. One needs security to survive the other couldn’t care less. Google selling data? So far no one came to blackmail me for certain dispositions, while the other does as they want, IRS, foreign governments, social security whatever. Google can be sued while the other gives itself a pass. Who is the baddie? In Germany the administration put massive duties on IT providers and added punitive damage as a looming consequence. Fast forward and the government with its “Ha, we are so digital!” and “Europe is better than US in CS!” suddenly has to swallow some brutal medicine I guess. I stick to my guns: Silicon Valley and especially Google is art regarding code and CS evolution. Same for FAANG etc. EU is hubris to say the least. Every time someone says “Let’s build our own Google/Cloud/…” a penguin dies. E Invoice will be a brutal boomerang, XRechnung the greatest backdoor of all times. Your data, time to shift everything into the EU.

cynicalpeace

A possible outcome of AI-assisted hacking is that companies, governments, and people become more resistant to using software, and software adoption actually declines.

ChrisArchitect

Better link? https://www.bleepingcomputer.com/news/security/french-govt-a...

zh_code

Use Mythos!

hmokiguess

C’est la vie.

SilverElfin

Yet another example why NO ONE should trust age verification laws or companies like Anthropic forcing you to verify identity with shady companies like Persona ( https://news.ycombinator.com/item?id=47872608 ). Whatever info you give up, it’ll be exposed one day.

kleene_op

I find it especially ironic that they would leak all my data, given the fact that they would ask of me to forward them every piece of id imaginable whenever I needed to forge or amend a new one (when adding a mention on my driver's license for instance). Like they didn't have access to it anyway.

amelius

If governments are treating my personal data as if it is worth nothing, then I'm not going to treat copyrighted works as if they are worth something. If you want to build a society on information, then you cannot forget the most important group.

shevy-java

Governments may just be incompetent. Still, the lobbyists will never give up for mandatory age verification in the future.

duncangh

It’s kind of interesting that this happens so shortly after they proudly announced how easily they would’ve able to migrate all systems from Microsoft and US firms. Maybe next year will be the year of the Linux desktop

pembrook

Important to remember: this is the competency level of basically all governments who are currently proposing you be required to identify yourself using their proprietary identity systems anytime you visit a website to "save the children." There will be zero risks to you of course, because their software is magically perfect, unlike any other software created in the history of mankind.

yubblegum

This shit should be stored encrypted not in plaintext.

agentultra

There’s something to be said about old school bureaucratic institutions: it made breaches like this significantly more difficult to pull off and far less valuable as a result. It also ensured democratic participation by all of the people employed there making sure that processes are followed and making sure no one is cheating. We all knew that systems like this would get breached. It’s not a matter of, “if,” but, “when.” If we’re going to continue down this route because of convenience or surveillance and authoritarianism or whatever; people designing these systems need to thinking: When this system is breached… . And they should make sure there’s a good story for protecting people and the system from these sorts of events.

dang

Url changed from https://techcrunch.com/2026/04/22/france-confirms-data-breac... , which points to this.

mixxit

We are going to leak everything from our sexual health records to our HR files It's the age of the leak and the sooner we accept, no matter our efforts, we live in a security free world and design around that - the better