Search TorNews

Find cybersecurity news, guides, and research articles

Popular searches:

Home » News » Cyber Threats » France Invests €200 Million ($228m Approximately) to Fight Cybercrime Amid Record Data Breaches

France Invests €200 Million ($228m Approximately) to Fight Cybercrime Amid Record Data Breaches

Last updated:July 2, 2026
Human Written
  • Data theft is now a more lucrative business than drug trafficking; cybercriminals have hacked companies (like the National Assembly, Leroy Merlin and thousands of others) to steal their data.

  • Kidnapping of cryptocurrency holders has risen sharply due to criminals using this stolen data to track and locate their victim.

  • The French Government has committed €200 million to fighting cybercrime, but experts say enforcement of the GDPR is still poor.

France Invests €200 Million to Fight Cybercrime Amid Record Data Breaches

Data breaches are now at an extreme high level in France. Hackers obtain sensitive data from both the private and public sectors, and from average French people at alarming rates.

The authorities arrested seven suspects in France on June 11, who allegedly committed a massive operation stealing data from a significant number of entities in several instances.

Investigations commenced in November last year after an attack against a business located in France. Investigators found that the criminals had accessed records from over 1,500 different entities, such as athletic associations, the French national parliament, etc.

On June 16, prosecutors formally charged two hackers, one who was a juvenile and the other who was in his early 20’s, both belonging to the Dumpsec hacker group. This is not unique. France Travail experienced a cyberattack last year that exposed approximately 340,000 job seekers’ personal and private information in that breach.

The largest of known breaches occurred two years ago and impacted potentially 43 million records. The National Agency for Secure Documents suffered a breach of its own in April this year, compromising 11.7 million records.

Security expert Renaud Lifchitz observed that the trade in stolen information now outpaces the illegal drug market. He noted that people do not realize it, but it even serves the war effort, as Russia and Iran finance themselves with this stolen data, which they then resell.

Kidnappings and the Crypto Connection

Data leaks can have particularly dramatic consequences in the cryptocurrency ecosystem. Also, kidnappings and abductions are now the new tactics as criminals target crypto holders. Before striking, organized crime networks monitor potential victims online and confirm their crypto assets.

Criminals collect this information from multiple sources, such as phishing emails, hacked databases, leaks from trading platforms, or security breaches in public services. The most common reference point of a data leak is the hacking of the French company Ledger in the 2020s. The data breach affected over 272,000 people in the crypto community. It exposed not only their full legal name but also their home address and phone number.

One victim shared her story publicly after her home became the subject of a kidnapping threat due to exposed data from a leak. She stated her family is too traumatized to return to France and now live abroad since the incident.

The data circulates on the dark web, where criminals resell it. This information enables physical attacks against individuals who hold digital assets. The combination of financial data with personal information creates a dangerous situation.

State-Sponsored Cybercrime

The stolen data business has become a strategic tool for nation-states. According to a Chainalysis report, 75% of ransomware proceeds went into wallets associated with Russia and other former Soviet countries. A number of companies, such as Russian hosting provider Aeza Group, are now subject to US sanctions.

For criminal organizations, data theft serves strategic purposes. Attacks can paralyze hospitals or town halls, destabilizing communities. However, some exploits come from lone actors, hackers barely of legal age, seeking notoriety and easy money.

This pattern is evident in France, where authorities are investigating a teenager over an alleged 11 million ID data breach.

The young British hacker Arion Kurtaj, then 18, successfully infiltrated Rockstar Games’ systems four years ago. Further, he accessed GTA VI materials. He did this from a hotel room while under police surveillance and without access to a computer.

Other young criminals emulate large corporations. An 18-year-old operating under the alias Zalko helped build a website where anyone can search through 1.2 billion personal records belonging to French residents.

The website boasts on its homepage: “Find anyone in seconds.” Zalko argues they are not doing anything illegal and that they accept deletion requests. However, the data offered on the website can be exploited by criminals.

France’s Response and Ongoing Challenges

In late April, Prime Minister Sébastien Lecornu unveiled a €200 million initiative along with plans to restructure the government’s digital operations. Despite these promises, vulnerabilities continue to multiply, including within public services like the ANTS in April.

Lifchitz criticized the state budget as woefully inadequate – he argued that the focus should be on preventing companies with insufficient security measures from collecting data without prior audits, particularly in regulated sectors like finance and healthcare. According to him, the implementation of the General Data Protection Regulation (GDPR) is necessary.

He mentioned that CNIL has only sanctioned 5% of negligent businesses which do not provide a significant amount of deterrence. He called for a return to the principle of data minimization and noted that more advanced encryption techniques are available.

The CNIL maintains that it has strengthened its enforcement efforts. The authority reported that it conducted 313 inspections, with 89 focused specifically on security issues. It issued 22 sanctions, several of which were for failing to ensure data security. However, these actions remain a drop in the ocean compared to the vast amount of vulnerable data.

Share this article

About the Author

Memchick E

Memchick E

Digital Privacy Journalist

Memchick is a digital privacy journalist who investigates how technology and policy impact personal freedom. Her work explores surveillance capitalism, encryption laws, and the real-world consequences of data leaks. She is driven by a mission to demystify digital rights and empower readers with the knowledge to protect their anonymity online.

View all posts by Memchick E >
Comments (0)

No comments.