15-Year-Old Suspect Faces Probe Over Massive French ID Data Breach
Investigation and Impact of the French ID Data Breach
Suspect and Investigation Details
PARIS, April 30 (Reuters) - The Paris prosecutor's office has opened an investigation into a 15-year-old, suspected of having hacked the country's ID agency and trying to sell the data of millions of French people on the dark web this month, it said on Thursday.
The teenager, whose identity was not revealed, was detained on April 25 and held in police custody for questioning after he was suspected of hiding behind the nickname "breach3d", a hacker who had put on sale on hacker forums between 12 and 18 million lines of stolen data, the prosecutor's office said.
Legal Consequences
Fraudulent access and theft of data managed by the state carries a punishment of up to seven years in jail and a fine of as much as 300,000 euros ($350,000).
Details of the Data Breach
Agency Response
ANTS, the agency that stores personal data from French citizens such as ID cards, passports, driving licences and licence plates, confirmed the data put up for sale was authentic and told the police it had detected "unusual activity" on its network on April 13.
ANTS is also handling the age-verification app that is intended to prevent children under 15 from gaining access to social networks.
Notification to Citizens
On April 22, nine days after the breach, the agency sent millions of French citizens an email advising them about the cyberattack and recommending extra caution as they may receive unwanted calls or emails, and told them never to disclose personal information.
The agency added all necessary measures were taken, without specifying what they were.
Broader Implications
Concerns Over Centralized Data
The cyberattack has raised questions in France over the safety for citizens to have all their information stored in a centralised database.
Exchange Rate Information
($1 = 0.8546 euros)
Reporting Credits
(Reporting by Inti Landauro, additional reporting by Ingrid Melander)
