alt Hacker NewsFrench government agency confirms breach as hacker offers to sell data
Comments
I received the email telling me I am impacted today.
Ironically it changes nothing for me as that same data had already been leaked by the French government agency that handles unemployment benefits a couple years ago. Silly me had not bothered deleting that account even after it was no longer necessary due to finding a new job.
And they're still pushing through with the idea of centralized IDs for the internet creating massive honeypots for hacker groups and AI companies all over the world. Meanwhile it's a breach every other month all over.
If governments are treating my personal data as if it is worth nothing, then I'm not going to treat copyrighted works as if they are worth something.
If you want to build a society on information, then you cannot forget the most important group.
It seems to me we must move away from worrying about ransomware, data breach, data protection as that ship has already sailed and everyone's PII has already been stolen. We should think of how to verify people's identities online (for things like government benefits etc). I have heard of the Dutch and the Japanese using national digital identity systems although I am unclear how they work. India is doing biometrics. I am curious what the US will eventually land on.
I find it especially ironic that they would leak all my data, given the fact that they would ask of me to forward them every piece of id imaginable whenever I needed to forge or amend a new one (when adding a mention on my driver's license for instance).
Like they didn't have access to it anyway.
19 millions de Français! Et moi, et moi, et moi.
There’s something to be said about old school bureaucratic institutions: it made breaches like this significantly more difficult to pull off and far less valuable as a result.
It also ensured democratic participation by all of the people employed there making sure that processes are followed and making sure no one is cheating.
We all knew that systems like this would get breached. It’s not a matter of, “if,” but, “when.” If we’re going to continue down this route because of convenience or surveillance and authoritarianism or whatever; people designing these systems need to thinking: When this system is breached…. And they should make sure there’s a good story for protecting people and the system from these sorts of events.
It’s kind of interesting that this happens so shortly after they proudly announced how easily they would’ve able to migrate all systems from Microsoft and US firms. Maybe next year will be the year of the Linux desktop
Would it be possible to spread so much noise that data like this becomes useless? Could an LLM be used to help here?
Url changed from https://techcrunch.com/2026/04/22/france-confirms-data-breac..., which points to this.
In 2015/2016, the president (Hollande), and its prime minister (Valls) did install a document which is "law", about technical directives for the gov and its agencies/dependencies. This document was probably written by big tech themselves. No following prime minister and even the new president (macron), did fix this obvious big tech ("whatng cartel") trojan horse.
They were probably screwed as f... or they had/have some interests somewhere ($$$).
In the last decade, all web sites were broken to be replaced by web apps ($$$), creating a hard dependency on the massively huge and complex "whatng cartel" web engines and their related massively complex c++ compilers. It is very hard to believe to anything else than corruption, really hard.
This document, which is law, which only the president and prime minister have power on, must be modified to make the difference between web sites and web apps and to mandate a web site for core and critical online services of gov and dependencies. Aka, restore noscript/basic (x)html interoperability, or "small" and technically reasonable web engines (to foster real-life alternatives from citizen, local company, etc, initiatives). All of such online services had a working web site (no app) before this document sold the gov and its dependencies to big tech (here the "whatng cartel").
No gov authorities (competition/anti-trust, justice, etc), not even the parliaments can do anything here, only the president and the prime minister.
Hardly believable, and I found out only a month ago, in spite of consulting lawyers, being part of related user groups with legal experts, etc, for 10 years. I could not understand what was going on, all this money and 'loss of strategic control' channelled in those 'companies'.
C’est la vie.
We are going to leak everything from our sexual health records to our HR files
It's the age of the leak and the sooner we accept, no matter our efforts, we live in a security free world and design around that - the better
What all these breaches tell me is that personal data should not be required, and especially not stored unless absolutely necessary. I cannot verify how my data is treated once it leaves my device, so how can I possibly trust it will be treated properly and not leaked?
This is a major reason as to why I am so strongly against all this verification shit governments keep trying to push, the best way to keep data secure is not to have it in the first place, therefore my personal data should not leave my device except in the strictest of circumstances for things like my name/DOB/address/SSN.
- There was no leak - Here is sample data we stole
„Small, not harmful leak of non important data, few records only”
Important to remember: this is the competency level of basically all governments who are currently proposing you be required to identify yourself using their proprietary identity systems anytime you visit a website to "save the children."
There will be zero risks to you of course, because their software is magically perfect, unlike any other software created in the history of mankind.
Governments may just be incompetent. Still, the lobbyists will never give up for mandatory age verification in the future.
A possible outcome of AI-assisted hacking is that companies, governments, and people become more resistant to using software, and software adoption actually declines.
This shit should be stored encrypted not in plaintext.
Use Mythos!
It's nothing special. Our data goes away on a regular basis.
They hack the taxes and the heath insurance system and yhay have everything about us.
What a shitty world because of these idiots
Yet another example why NO ONE should trust age verification laws or companies like Anthropic forcing you to verify identity with shady companies like Persona (https://news.ycombinator.com/item?id=47872608). Whatever info you give up, it’ll be exposed one day.
[dead]
[dead]
Great, now scammers can steal my identity directly from the government. I hope they release a tool to check if I'm impacted or at least email me about it.
I trust Google more than any government with my data. One needs security to survive the other couldn’t care less.
Google selling data? So far no one came to blackmail me for certain dispositions, while the other does as they want, IRS, foreign governments, social security whatever.
Google can be sued while the other gives itself a pass.
Who is the baddie?
In Germany the administration put massive duties on IT providers and added punitive damage as a looming consequence.
Fast forward and the government with its “Ha, we are so digital!” and “Europe is better than US in CS!” suddenly has to swallow some brutal medicine I guess.
I stick to my guns: Silicon Valley and especially Google is art regarding code and CS evolution. Same for FAANG etc.
EU is hubris to say the least.
Every time someone says “Let’s build our own Google/Cloud/…” a penguin dies.
E Invoice will be a brutal boomerang, XRechnung the greatest backdoor of all times.
Your data, time to shift everything into the EU.
> the data stolen in the breach could include full names, dates and places of birth, mailing and email addresses, and phone numbers on an undisclosed number of citizens
Nothing really new here sadly, this information about me have leaked half a dozen of times in the past 2-3 years or so. These things will never change if the only penalty the company/agency gets is "send a message to your users saying you are sorry and that it won’t happen again".