Here we go again:
Fuite de données: l’Agence nationale des titres sécurisés, en charge des cartes d’identité et des permis de conduire, a été visée par une attaque informatique Fuite de données: l'Agence nationale des titres sécurisés, en charge des cartes d'identité et des permis de conduire, a été visée par une attaque informatique
Marvellous.
Gives me a warm fuzzy feeling about all the time and effort I spend trying to keep data secure at my end.
I just work on the assumption that everything is compromised and, if we’re lucky, they might actually admit it.
However, I do get surprised at how many French websites ask for your date of birth and I never enter my real one unless it’s an official organisation that genuinely needs to know.
Makes GDPR a joke doesn’t it.
Actually ANTS is supposed to develop into one single source for all French offical documentation you’re meant to have. Would eventually include all your data if you’re applying for a visa, for example.
I’m wondering what fine is ANTS going to receive for this data breach same as any commercial company would. And it’s about time each victim or even potential victim, of every data breach was required to personally receive a 3-figure sum in compensation which would begin to reflect the damage - which usually goes on for years. Until that time it seems all governments are doing is paying lip service.
With all data being stored on the Central Scrutinizer’s system, if it gets hacked, it becomes quite likely you would need a completely new ID, social security details possibly a new name. Stupid idea and echoes the control they want over everything and everyone.
And who knows what if the ‘wrong people’ get in charge
Thanks for the earworm 
Reading articles about this hack, I was quite surprised to learn that the average person in France has over 100 online accounts/passwords. That struck me initially as quite high, but plausible. I then went through my own list, out of curiosity..I have 65 online accounts.
ANTS or another agency will apparently contact all affected users directly. That will presumably take some time.
I am the lucky recipient of an email from ANTS/FRANCE TITRES explaining my personal data has possibly/probably been hacked…Possibly as a result of my recent driving licence exchange..
Have a nice day from ANTS/FRANCE TITRES!
“Bonjour,
Le 15 avril dernier, l’agence nationale des titres sécurisés (ANTS) a eu connaissance d’un incident de sécurité sur son site.
Cet incident a entraîné un accès non autorisé à certaines données personnelles associées à votre compte usager dont :
- les données relatives à votre état civil (nom et prénom) ;
- les identifiants de connexion (identifiant de compte et adresse mail) ;
- et d’autres données présentes uniquement dans certains comptes (adresse postale et numéro de téléphone).
Dès la détection de l’incident, des investigations techniques ont été menées par les services compétents et toutes les mesures nécessaires ont été prises.
Les données transmises dans le cadre de vos démarches de passeport, carte d’identité, permis de conduire et carte grise (numéro de demande, statut de demande, pièces justificatives, photographies) ne sont, par ailleurs, pas concernées par cet incident.
Vous n’avez ainsi aucune démarche à accomplir.
Au regard des données personnelles concernées, il est cependant possible que vous receviez prochainement des appels ou des courriels indésirables. Aussi, nous vous recommandons de redoubler de vigilance, de ne jamais communiquer vos informations personnelles et de nous signaler toute activité inhabituelle sur votre compte via le formulaire dont le lien figure à la fin de ce message.
Conformément à l’article 33 du règlement relatif à la protection des données personnelles (RGPD), l’incident a été notifié à la commission nationale de l’informatique et des libertés (CNIL). Le ministère de l’Intérieur a, par ailleurs, transmis un signalement à la Procureure de la République de Paris en application de l’article 40 du code de procédure pénale en vue de l’ouverture d’une enquête.
Nous vous assurons que la sécurité de vos données constitue notre priorité et restons à votre écoute.
Pour toute information complémentaire, nous vous invitons à nous contacter via le formulaire de contact.
Cordialement,
France Titres, l’agence nationale des titres sécurisés”
So what’s the compensation?
compensation for what?
Exactly. Under normal liability circumstances, one would have to prove a causal link to that specific data leak and a damage to the user whose data was leaked. The question remains as to whether the state can be liable, and if so whether it is also responsible for payment of damages, assuming that it hasn’t enacted into law some kind of get out clause.
What I have done, although they say you don’t need to take any action, is to immediately change passwords on any accounts that use similar passwords including ANTS.
I think presumptions can be made that such lack of care en masse is harmful without further proof specific to the individual. That’s after all the basis on which states levy fines in the hundreds of millions on firms such as British Airways who were also required to compensate those whose data security was breached.
Instead of government or some info protection agency hoovering up fines I think there needs to be a minimum sum awarded to the subjects of the breach depending on the nature of the data not safeguarded. After all, the effects are well known. In fact this could even stop an individual making an even huger claim because sooner or later enough people will be able to prove substantial personal damage and identify the source unequivocally.
Right now it’s just theatre and the lack of care continues because punishments implenented are not high enough and the victim who’s most affected gets nothing.
Surely you are presuming a lack of care ? 
I think it has to be considered a lack of care by default.
You piqued my curiosity! 134 for me, just in Chrome.
I have the email as well, this morning. I made a driving license application recently, but logged in via France Services using my Impots login credentials. Wonder what difference this makes ? 
Silly question - what are we supposed to do?