The General Directorate of Public Finances announced on Tuesday that it had been the victim of a massive hacking of the space dedicated to individuals Impots.gouv.fr. According to “Le Canard enchaîné”, thousands of tax forms have been tampered with.

By breaking into the users' personal messaging system, hackers can not only reset the password, but also find their tax number.

One might think the fortress of Bercy is impregnable, but hackers have found the loophole. The General Directorate of Public Finances (DGFIP) announced on Tuesday that it had been the victim of a massive hacking of the space dedicated to individuals Impots.gouv.fr. More than 2,000 personal e-mail accounts were intruded, which allowed hackers to renew the password on the online space of the users concerned.

The incident took place at the end of June, just after the tax filing period. According to “Le Canard enchaîné” to be published this Wednesday, thousands of tax forms have been tampered with. By entering users’ personal messaging, hackers can not only reset the password, but also find the tax number in the event that the taxpayer has sent his tax notice by email for his administrative procedures. They can then modify certain elements of the income tax return.

“The tax administration received 2,000 password reset requests in a very limited time”, indicates a spokesperson for the ministry, considering that “The warning system worked well”.

Secure your access

Bercy indicates that the users concerned have been warned by phone or email. Their tax situation has been restored to their original state. “It is necessary to secure its access so that a hacker cannot access your personal data and thus carry out operations without your knowledge”, warns the DGFIP. In the meantime, the services of Bercy will secure from the end of August the reset of the password by entering a secret question. Other solutions, compatible with European standards and the GDPR, are being considered, such as sending a code by SMS or applying a biometric system.