The Ministry of Economy announced on February 18, 2026, that a malicious actor illicitly accessed the national bank accounts file (Ficoba), viewing data from 1.2 million accounts since late January. The exposed information includes banking coordinates, holders' identities, addresses, and sometimes fiscal identifiers. Authorities have restricted access and plan to notify affected individuals.
On February 18, 2026, the Ministry of Economy, through Bercy, disclosed a breach in the national bank accounts file (Ficoba), managed by the General Directorate of Public Finances (DGFiP). A 'malicious actor' usurped a civil servant's credentials to access the system from late January 2026, thereby viewing data from 1.2 million accounts.
Ficoba lists all accounts opened in France, including current accounts, savings books, PEA, securities accounts, and safe deposit boxes. The compromised data includes banking coordinates (RIB/IBAN), the holder's identity, address, and in some cases, the fiscal identifier. According to the DGFiP, this file does not allow viewing balances or performing banking operations.
Upon detecting the incident, immediate measures were implemented to restrict access, limit data extraction, and prevent further breaches. Holders of affected accounts will receive individual notifications in the coming days. A complaint has been filed, and the incident reported to the National Commission for Information Technology and Liberties (CNIL).
Teams from the DGFiP, the Ministry of Finance, and the National Agency for the Security of Information Systems (ANSSI) are mobilized to address the incident and strengthen system security. Bercy emphasizes that services are fully committed to restoring operations under secure conditions.
