French authorities have opened a formal investigation into a 15-year-old suspected of orchestrating one of the country’s largest identity-data breaches, underscoring the growing vulnerability of centralised public databases. According to Reuters, the Paris prosecutor’s office said the minor is accused of hacking a government agency responsible for issuing identity documents and attempting to sell stolen data on the dark web.
The suspect, detained on April 25 and questioned in police custody, is believed to have operated under the alias “breach3d”. Prosecutors allege that between 12m and 18m records were extracted and offered for sale on cybercrime forums, potentially exposing sensitive personal information belonging to millions of French citizens.
The breach targeted the National Agency for Secure Documents (ANTS), which manages applications and records for passports, national identity cards and driving licences. The agency reportedly detected unusual activity earlier in April before confirming that data circulating online was authentic, raising concerns about systemic weaknesses in state-managed digital infrastructure.
Under French law, unauthorised access to state systems and large-scale data theft carry penalties of up to seven years in prison and fines reaching €300,000. The case, however, is complicated by the suspect’s age, highlighting the increasingly youthful profile of cyber offenders.
Beyond the immediate legal proceedings, the episode has intensified debate over the risks inherent in centralised repositories of citizen data. Critics argue that while such systems promise administrative efficiency, they create single points of failure attractive to hackers. The incident also illustrates how cybercrime ecosystems enable even relatively inexperienced actors to monetise stolen data quickly through online marketplaces.
France’s investigation reflects a broader European anxiety about digital resilience at a time when governments are expanding e-governance systems. As cyberattacks grow in scale and sophistication, policymakers face the difficult trade-off between convenience and security—one that this breach has rendered starkly visible.
