22-Year-Old Hacker Charged and Detained Over Major Cyberattack on French Ministry of Interior

On December 20, 2025, a 22-year-old man, identified as Melvin L., was charged and placed in provisional detention in connection with a significant cyberattack targeting the French Ministry of Interior. The suspect faces charges including unauthorized access and sustained infiltration of a state data processing system, participation in a criminal organization, and potential sentences up to 10 years in prison.

The Ministry of Interior uncovered suspicious activities affecting servers linked to judicial records, notably the criminal records database and the wanted persons file. According to Interior Minister Laurent Nuñez, the attack was "very serious," involving the extraction of a few dozen confidential files and exploitation of weak digital security practices leading to access code breaches. In response, the ministry immediately enforced stricter security measures such as mandatory two-factor authentication for personnel.

Melvin L., previously convicted for similar offenses earlier in 2025 (though this conviction is not yet finalized), was arrested in Haute-Vienne. He is part of a group of seven young men who have been involved in sim-swapping-related thefts and extortions and are considered high-risk for recidivism. The prosecution has framed the operation as participation in an organized criminal group preparing a serious crime.

Melvin's lawyer, Julien Zanatta, contested the charges and the detention, emphasizing the suspect’s lack of prior convictions and asserting that the investigation will clarify the facts. Prosecutor Laure Beccuau referenced Melvin’s previous charges as part of the background, pointing to the ongoing nature of his criminal proceedings.

This incident highlights growing concerns about cybersecurity vulnerabilities within French governmental IT systems and raises urgent questions about digital hygiene and protection measures in place to safeguard critical personal and judicial data.