22-Year-Old Arrested After Major Cyberattack on French Ministry of the Interior

On December 17, 2025, French authorities arrested a 22-year-old suspect connected to a significant cyberattack targeting the Ministry of the Interior's servers. The breach, first revealed through suspicious activity affecting email accounts and sensitive police databases, compromised files including the TAJ (Criminal Record Processing) and the FPR (Wanted Persons File).

The suspect, detained in Limoges and previously convicted for similar offenses earlier in 2025, faces charges related to organized crime against a state-operated automated data processing system, carrying potential penalties of up to ten years in prison. Judicial and administrative investigations are ongoing, with the National Commission on Informatics and Liberty also involved.

Interior Minister Laurent Nuñez described the attack as "very serious," highlighting that only a few dozen records have been confirmed as extracted, contradicting claims by hackers who alleged they accessed data on millions. Nuñez revealed that improper password management by some ministry agents, including unsafe exchanges of credentials via email, facilitated the breach. Approximately 300,000 agents access the ministry systems, and some enabled unauthorized retrieval of access codes.

The incident also underscored internal conflicts within the hacker community. The attack was announced on BreachForums, a prominent online marketplace for stolen data, by a user named "Indra." The announcement aimed to demonstrate the forum's legitimacy and counter suspicions of being a law enforcement "honey pot."

In response, the Ministry has implemented immediate security measures, including mandatory two-factor authentication for all agents. The full extent of the data breach remains under investigation, with authorities continuing to assess the impact on national security and citizen data.

This cyberattack highlights increasing challenges in safeguarding sensitive government data amid evolving digital threats, prompting urgent reinforcement of cybersecurity protocols.