Skip to content
Resources

Data Security

Bureaucratic access and leak risk

Why a database shared between administrations is a honeypot: it multiplies human access points and can make one leak catastrophic.

Updated

Short answer

A database shared between administrations is, by design, a very high-value target: a honeypot. The larger, more valuable and more searchable a database is, the greater the effort attackers will spend and the more devastating a single leak becomes. Regulated crypto-asset service providers (CASPs) under MiCA, DORA and the GDPR are supervised, sanctionable professionals with financial incentives to protect their customers. DAC8 does the opposite: it moves data into administrative reporting networks where access is broader and accountability is harder for users to assess. The security of the whole is then only as strong as its weakest link. Data minimization is therefore a security control, not just a legal principle: the safest database is the one that does not need to exist.

Key facts

MarkerFigure or fact
Authorized CASPs (current model, without DAC8)roughly 100 to 200 independent entities
Leak kept contained (Waltio example)50,000 customers
DAC8 model1 centralized database × 27 administrations = 27 equivalent targets
Agents of a single administration (France, DGFiP)roughly 100,000
MiCA in forcesince 30 December 2024
DORA in forcesince January 2025 (major incident notified within 4 h, full report within 72 h)
GDPR sanctionsup to 20 M€ or 4 % of worldwide turnover
Fine on an administration (Bulgaria, 2019)2.9 M€ paid by the Bulgarian taxpayer to the Bulgarian State

The principle: do not concentrate the target

The concentration of vast amounts of sensitive identity data in one location transforms these databases into highly attractive targets, or ‘honeypots’, for hackers and identity thieves.

Breached.company, The Digital Honeypot, September 2025

A database is never only a technical object. It is surrounded by administrators, agents, vendors, subcontractors, auditors, support processes and access controls. The larger and more valuable the database, the greater the effort attackers will spend, and the more devastating the consequences of a leak. The DAC8 target will be one of the most valuable in Europe.

The human risk

The security of a shared database depends on every access that is granted. The more administrations, systems and people involved, the higher the probability of an error, an abuse or a compromise. As data is exchanged across jurisdictions, the number of people and systems that can touch it grows: a single compromised account, a corrupt insider or a simple operational mistake can expose information collected from a very large population.

In a DAC8/CARF network, the risk is not only external hacking. It is also internal access: abusive consultation, extraction, resale, corruption, misconfiguration or a compromised vendor.

CASPs: supervised and incentivized professionals

CASPs authorized under MiCA are subject to a strict framework:

  • MiCA (since 30 December 2024): ICT risk management, segregation of client assets, strong authentication, continuous monitoring;
  • DORA (since January 2025): identify, protect, detect, respond and recover; notification of major incidents within 4 h, full report within 72 h; resilience testing and independent audits;
  • GDPR: sanctions up to 20 M€ or 4 % of worldwide turnover.
IncentivePrivate CASPTax administration
Loss of license after a leakYes (MiCA)Not applicable
Loss of customersStrong (competition)Captive
Commercial reputationExistential riskLimited
Financial penaltiesUp to 4 % of turnover (GDPR)Often symbolic
Accountability of leadershipMLRO, Compliance OfficerDiluted
Cybersecurity investmentContinuousOften lagging

The attack surface compared

  • Current model (without DAC8): roughly 100 to 200 authorized CASPs, each with its own systems. Compromising the majority of holders requires hacking dozens of independent entities; a leak stays contained (Waltio: 50,000 customers).
  • DAC8 model: 1 centralized database × 27 administrations = 27 equivalent targets, with millions of agents and vendors potentially exposed worldwide (DGFiP: roughly 100,000). A single failing administration can compromise all the holders in its jurisdiction.

27 administrations share the data. The security of the whole is only as strong as its weakest link.

Why a single leak is enough

A crypto data leak can be more serious than a leak of ordinary administrative data. If it links identity, address, history and economic value, it can be used to physically target people.

The problem is asymmetric: a single weak point is enough to expose a large number of people, but each victim then has to deal with the consequences alone. The more valuable and searchable the database, the more damaging one leak becomes.

The minimization principle

The best security is not only to protect a large database. It is to avoid creating a large database when the objective can be achieved with a targeted request. Centralization does not eliminate risk: it concentrates it.

Data minimization is therefore a security control, not just an abstract legal principle. The safest database is the one that does not need to exist.

Breached.company, The Digital Honeypot, September 2025 · Cyfrin, Global Relay, Unit21 (MiCA / DORA) · NRA Bulgaria, 2019.