It may be easy to make fun of the French because they seem to be ground zero for wrench attacks, but really: this could be any country.
France Titres, formerly known as ANTS, operates the portal where residents apply for passports, national ID cards, residence permits, driver’s licenses, and vehicle registrations.
On April 15, something broke inside that system. A week later, the Interior Ministry confirmed what anyone watching digital ID schemes has been saying about this exact architecture for years, and the scale on offer from the attacker makes the warning harder to wave away.
A threat actor using the aliases “breach3d” and “ExtaseHunters” appeared on criminal forums on April 16, claiming to have stolen between 18 and 19 million records from the agency’s internal systems.
19 million records from one breach. that's kind of the whole argument against centralized identity systems right there. One database and everyones exposed. and this wont be the last time either, these attacks will keep happening because centralized systems will always be a target worth hitting. nothing changes until this type of systems stop being used.
After detailing the data that they have exfiltrated, the hacker then delivers the sucker punch.
That's a double insult. Croissants aren't supposed to be crumbly either.
And people wonder why some of us are hesitant about mandatory digital IDs. 19 million records is a massive haul for a week's work.