France opens formal probe into teenage suspect in massive ID data breach

PARIS, France – The Paris prosecutor’s office has opened an investigation into a 15-year-old, suspected of having hacked the country’s ID agency and trying to sell the data of millions of French people on the dark web this month, it said on Thursday, April 30.

The teenager, whose identity was not revealed, was detained on April 25 and held in police custody for questioning after he was suspected of hiding behind the nickname “breach3d,” a hacker who had put on sale on hacker forums between 12 million and 18 million lines of stolen data, the prosecutor’s office said.

Fraudulent access and theft of data managed by the state carries a punishment of up to seven years in jail and a fine of as much as 300,000 euros ($350,000).

ANTS, the agency that stores personal data from French citizens such as ID cards, passports, driving licences and licence plates, confirmed the data put up for sale was authentic and told the police it had detected “unusual activity” on its network on April 13.

“The situation is quite serious, to be honest. Fortunately, it doesn’t involve classified state data, particularly the most important data from the Ministry of the Armed Forces”, French Prime Minister Sebastien Lecornu said.

ANTS is also handling the age-verification app that is intended to prevent children under 15 from gaining access to social networks.

On April 22, nine days after the breach, the agency sent millions of French citizens an email advising them about the cyberattack and recommending extra caution as they may receive unwanted calls or emails, and told them never to disclose personal information.

The agency added all necessary measures were taken, without specifying what they were.

The cyberattack has raised questions in France over the safety for citizens to have all their information stored in a centralized database. – Rappler.com