FICOBA data leak: insights from Stéphanie Ledoux — CEO of Alcyconie — on TF1

On 19 February 2026, Stéphanie Ledoux, founder of Alcyconie and a cyber crisis management expert, appeared on TF1 to share her insights on the security incident that led to the exfiltration of data from the French national bank accounts registry (FICOBA — Fichier national des comptes bancaires).

According to the initial information made public, the incident stems from the compromise of a privileged account, which allowed unauthorized access to the database and the exfiltration of data relating to approximately 1.2 million bank accounts. The information concerned reportedly includes IBANs, the identity and the address of the account holders.

The FICOBA registry is one of the most sensitive databases of the French administration: it lists every bank account opened in France and is used in many administrative and judicial contexts.

Amid intense media coverage, several key points are worth reiterating.

1. Legitimate concern over a particularly sensitive registry

The growing number of data leaks in recent years has been fuelling rising concern among the general public. When an incident affects a registry as foundational as FICOBA, this reaction is understandable.

That said, in the early hours of a cyber incident, analytical caution is essential. Technical investigations must precisely establish the circumstances of the event: how the account was compromised, how the system was accessed, and the exact scope of the data viewed or exfiltrated.

This analytical work takes time and a high degree of precision. Hasty conclusions rarely prove the most accurate.

2. Cybersecurity: an ongoing effort

The incident also raised the question of the security of information systems, particularly public ones.

On this point, a reminder is in order: cybersecurity is neither a fixed state nor a promise of invulnerability. It relies on ongoing work of anticipation, monitoring and adaptation in the face of a constantly evolving threat.

Digital environments are growing more complex at a rapid pace: proliferation of identities and access rights, increasing interconnections between systems, blurring of professional and personal uses, and the accelerated integration of new technologies such as artificial intelligence.

In this context, protection measures must be continuously strengthened and adjusted.

3. The mobilization of a broad ecosystem of stakeholders

Managing an incident of this scale immediately mobilizes a broad ecosystem of stakeholders: technical teams, government services, competent authorities such as ANSSI, data protection authorities such as the CNIL, as well as all the services involved.

Analyzing the attack, understanding the mechanisms of compromise, containing its effects and securing the systems all require close coordination and intense mobilization, often under significant operational and media pressure.

In such moments, the work of the teams involved deserves recognition: managing a major cyber incident is a demanding undertaking, carried out amid urgency, complexity and responsibility.

4. Individual vigilance remains essential

Lastly, this type of incident is a reminder that leaks of personal data can lend greater credibility to phishing campaigns and facilitate identity theft attempts.

Reliable personal information allows attackers to craft far more convincing fraudulent messages.

In this context, individual cyber hygiene remains an important line of defense: enabling multi-factor authentication, staying alert to suspicious messages, and separating personal and professional uses.

The resources made available by cybermalveillance.gouv.fr are a valuable reference in this regard for adopting the right habits.

Now more than ever, cybersecurity is a shared responsibility: that of institutions, of organizations… and of citizens.