A database containing the tax information of two million French people has been unearthed on the dark web. Discovered by our colleagues at Zataz, the directory was put up for sale and sold by a cybercriminal on a black market. It is now believed to be in the hands of another hacker, who reportedly paid $3,000 to get his hands on the data.
A leak that dates back to last fall
The data was stolen from a French company specializing in tax exemptions, Reduction-impots.fr. Based in Bordeaux, the company presents itself as a wealth management consulting firm that focuses on tax exemptions and financial investments. Since its creation in 2012, Reduction-Impots.fr has operated entirely online. Customers can electronically sign all necessary documents.
As explained by the hacker behind the sale, the data was stolen on October 13, 2024. Apparently, the hacker managed to compromise the system of a call center partnered with the Bordeaux-based company. For the moment, the identity of this call center has not been disclosed. The article suggests that the center's security protocols were flawed. Among the compromised data are the phone numbers, email addresses, and countless financial information of more than two million people.
A danger during tax returns
The timing of the sale is not insignificant. Everything suggests that the hacker waited for tax season in France to put the database online. Since last month, French taxpayers have been asked to submit their tax returns to the tax authorities.
In this context, stolen data could be used to design phishing attacks or other scams targeting taxpayers. The tax return deadline makes May the ideal time to spread scams. According to Zataz, French taxpayers "could be targeted by fraudulent messages imitating communications from the tax authorities, or by phone calls impersonating wealth management advisors." We urge you to exercise extreme caution. Do not blindly trust an email or message claiming to come from the tax authorities or another entity.
The leaks are piling up
This leak resurfaces as the number of cyberattacks in France continues to skyrocket. During the first quarter of 2025, the CNIL learned of 2,500 data breaches in France. These include the hacks of La Poste, Chronopost, and Easy Cash.
During numerous security incidents in recent months and years, the private information of French people has ended up en masse online, in the hands of cybercriminals. By exploiting the monstrous amount of data available, hackers can now cause serious damage. The tax data hacked in October can now be combined with other leaks to steal the victims' identities. In other words, the leak of tax data contributes to increasing the risks that already weigh on all Internet users in France.
Source: Zataz
0 Comments