Authority for secure IDs cracked: 15-year-old arrested
Millions of data records from French "secure IDs" fell into the wrong hands. Not a foreign intelligence agency, but a boy is suspected.
(Image: Tatoh/Shutterstock.com)
19 million data records from the French authority for secure IDs (ANTS) were offered for sale online in April. ANTS subsequently had to admit a breach of its system. Fortunately, it didn't take long for a suspect to be taken into police custody: A 15-year-old boy is officially suspected of having contributed to the illegal data acquisition. He faces up to seven years in prison and fines of up to 300,000 euros.
This was announced by the Paris public prosecutor's office on Thursday. An investigating judge is now dealing with the case. The minor suspect is believed to be behind the pseudonym breach3d, under which the data set was offered for sale online. According to a statement from the ANTS ID authority on April 21, the stolen data records contain username, title, first and last name, email address, date of birth, account number, and, for some accounts, also postal address, place of birth, and phone number. The authority has confirmed the authenticity of the data records offered for sale.
C'est embarrassant
ANTS (Agence nationale des titres sécurisés) is also known as France Titre. It is a department of the French Ministry of the Interior. It is responsible for issuing passports, identity cards, as well as driving licenses for road vehicles and motorboats, as well as documents for vehicle registration, residence permits, visas, and a range of other IDs and documents for stays and border crossings. However, the documents are printed by the state printing office (Imprimerie nationale).
If the incident was not caused by well-equipped, hostile spies or other organized criminals but by a single teenager, it would not be a badge of honor for the French Ministry of the Interior. Neither ANTS nor the public prosecutor's office has disclosed how the illegitimate access to the database was achieved.
Videos by heise
While ANTS speaks of 11.7 million data records, the public prosecutor's office states twelve to 18 million. It is unclear when the perpetrator accessed the database or when this was noticed. Initially, it was stated that the incident was discovered on April 15, but the official information currently points to March 15. The public prosecutor's office names April 13, but the report was only filed on April 16. The publication for the purpose of warning those affected occurred on April 22.
(ds)
