Brinztech Alert: The Alleged Database of Décès en France is Leaked

Dark Web News Analysis

The dark web news reports a massive data leak involving deces-en-france.fr, a site aggregating records of deaths in France. A threat actor has released a database containing approximately 28,498,095 records.

The sheer scale of this leak—nearly 28.5 million entries—covers a vast portion of the French population’s historical data. The exposed fields include Full Names, Genders, Dates of Birth, Places of Birth, Dates of Death, and Death Certificate Information. While much of this data is technically sourced from public archives (INSEE), the aggregation of such a massive dataset into a single downloadable file creates a high-utility tool for fraudsters.

Key Cybersecurity Insights

The theft of deceased individuals’ data facilitates a specific and insidious type of cybercrime known as “Ghosting”:

• “Ghosting” Identity Theft: Criminals use the PII of recently deceased individuals (whose credit reports are not yet updated to reflect their death) to apply for loans, credit cards, or tax refunds. With 28.5 million records, attackers can automate the process of finding “fresh” records where the death date is recent enough to exploit the administrative lag in banking systems.
• Estate Scams & Social Engineering: The most immediate threat is to the surviving family. Scammers can use the Death Certificate Information to contact relatives, posing as debt collectors, notaries, or insurance agents. They might claim the deceased had “unpaid debts” or a “hidden life insurance policy” to extract payments from grieving families.
• Heritage & Genealogy Fraud: Attackers can use the Place of Birth and lineage data to falsify family trees, potentially laying claim to unclaimed assets or fabricating citizenship applications.
• GDPR Nuance: While GDPR primarily protects living individuals, the security failure of the platform itself is critical. If the database also included logs of who was searching for these records (e.g., users looking up relatives), that user data would be strictly regulated and its exposure would be a major compliance violation.

Mitigation Strategies

To protect families and the integrity of civil records, the following strategies are recommended:

• Family Vigilance: Relatives of the recently deceased should be vigilant against unsolicited calls regarding the estate. Legitimate notaries do not demand urgent cryptocurrency or wire transfers to “unlock” an inheritance.
• Credit File Freezing: In many jurisdictions, families can request a “Deceased Do Not Contact” flag or freeze the credit file of a deceased family member to prevent new accounts from being opened.
• Platform Security Review: The administrators of deces-en-france.fr must investigate the breach source. Even if the data is public-facing, allowing a bulk export of 28 million rows indicates a failure in Rate Limiting and Anti-Scraping defenses.
• Scam Watch: Monitor for “obituary spam” or phishing emails that reference specific dates of death found in the database.

Secure Your Business with Brinztech — Global Cybersecurity Solutions

Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.

Questions or Feedback?

For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com