The affair, revealed on May 11, 2025, is chilling, but unfortunately it is no longer an isolated case. A few days ago, an alert launched by the specialist site Zataz highlighted a major scandal: a database containing the tax and personal information of more than two million French taxpayers was discovered and then sold on a dark web forum. The file, put up for sale for (only) $3,000, reportedly quickly found a buyer, raising fears of rapid and massive exploitation of this data.
What data is affected?
The compromised information comes mainly from two sites specializing in tax exemption: reduction-impots.fr and impots-reduc.fr, both operated from the south of France. According to initial findings, the attack targeted a partner call center, a weak link in the security chain, whose protocols were clearly very inadequate.
The compromising file, dated October 13, 2024, reportedly contains disturbingly detailed information: names, addresses, phone numbers, email addresses, bank details, tax profiles, investment history, etc. These details make the leak particularly dangerous, especially during tax return season. In concrete terms, with this information in their possession, the scammers are able to precisely target their victims, providing precise data about them, in order to deceive their vigilance.
This sale comes at a strategic time: each year, the tax return season increases the risks of phishing scams, identity theft, or misappropriation of tax refunds. This time, however, the sophistication of the techniques used by cybercriminals raises fears of a wave of scams on an unprecedented scale. Fraudsters are able to send emails or text messages imitating those from the General Directorate of Public Finances, or make phone calls pretending to be wealth management advisors. The danger is real: a simple response to this type of fraudulent solicitation can be enough to compromise your banking data and empty your account. With 2 million taxpayers affected, you may be affected.
More and more breaches
The CNIL, which has already recorded more than 2,500 data breaches in the first quarter of 2025, warns of the increase in this type of incident and the growing difficulty for individuals to detect attempted scams. More than ever, this case highlights a structural flaw in the uncontrolled outsourcing of sensitive data. This was recently the case with La Poste and Alain Afflelou. Even web giants like Amazon are not spared.
Faced with this threat, caution is advised. Remember that the tax administration never sends emails or text messages inviting you to click on links or transmit banking information without going through the authenticated space of the impots.gouv.fr website. Any suspicious solicitation should be ignored, and we also advise you to systematically check the sender's address and never communicate confidential information by telephone or email.
0 Comments