The French government has revealed that a recent breach of the Tchap encrypted messaging platform affected the accounts of more than 73,000 French public sector workers.
DINUM, the French government’s digital affairs directorate, said on Monday that it had notified France’s data protection agency (CNIL) because attackers used compromised user accounts to access the Tchap platform, potentially exposing personal data shared by some users.
DINUM initially shared few details about what was exposed or how many people had been affected by the breach, but in a subsequent update revealed that the attackers may have accessed information shared by roughly 9% of all registered users on the platform.
DINUM explained that while private conversations are encrypted and their contents protected, attackers were able to steal all data shared in unencrypted public chat rooms. This allowed them to collect users’ names and email addresses, avatar images, and the public sector organizations they work for.
“Of more than 825,000 registered agents, this incident impacts 73,467 agents, representing less than 9% of registered users. These boards are public by design to all users, and messages are not encrypted. Officers’ private conversations remain protected,” the report said.
“Right now, the account behind the malicious request has been identified. The account was immediately blocked to remove the attacker’s permanent access and to allow further analysis of the data he was able to access. The data which may be exfiltrated from user accounts includes at least first name, last name, email address, entity affiliation, and avatar.”
DINUM has not yet attributed the breach, but a threat actor claimed responsibility for last weekend’s attack, saying they accessed the platform after a social engineering attack and shared samples of stolen data.
The attackers claimed to have collected roughly 650,000 messages and data from more than 73,000 accounts, including email addresses, meeting links, organizational information, and account and device metadata.
They also allegedly stole more than 13.5 GB of documents and media files shared by government employees using the Tchap service, as well as hard-coded LDAP credentials leaked via a PowerShell script.
Developed in 2018 by DINUM in collaboration with ANSSI (the French Cybersecurity Agency), Tchap is a decentralized collaboration tool and instant messaging platform for the French public sector based on the Matrix protocol.
Tchap, which became the default app for business communications for all civil servants in early August 2025, has over 300,000 monthly users and has currently been downloaded over 500,000 times on Google’s Play Store.
In May, French authorities arrested a 15-year-old on suspicion of selling data stolen in an April cyberattack on ANTS, the agency that issues and manages official identity cards and registration documents.
