France’s Interior Ministry suffered a cyberattack that lasted several days, Interior Minister Laurent Nuñez confirmed. The attackers specifically targeted email accounts within the Place Beauvau ministry, which employs nearly 300,000 staff members. The breach allowed unauthorized access to internal communication systems and sensitive police databases, raising alarm within the ministry. Nuñez spoke publicly on Wednesday, acknowledging the seriousness of the attack while stressing that authorities acted quickly once the intrusion was detected.
The minister explained that the hackers exploited a lapse in digital security procedures, gaining entry to professional email accounts and retrieving login credentials. While the attack did not put citizens’ lives at risk, it exposed confidential files and forced authorities to initiate a full investigation.
The Scope of the Breach
According to Nuñez, the hackers accessed several critical police files, including the Criminal Records Processing System (TAJ) and the Wanted Persons File (FPR). At this point, officials cannot determine the full extent of the intrusion, but they suspect that a few dozen files may have been removed from the system.
The minister also admitted uncertainty regarding the potential impact on ongoing investigations. He reassured the public that the breach, while serious, did not compromise safety or security. Importantly, no ransom demand accompanied the attack, suggesting the intruders’ motives remain unclear.
Responsibility and Response
Nuñez attributed the breach to human error despite regular reminders about cybersecurity practices. He warned that even a small number of individuals neglecting procedures can create vulnerabilities that attackers exploit.
The intrusion came to light after BFMTV reported suspicious activity targeting the ministry’s email servers. Shortly afterward, a hacker group claimed—without providing proof—that it had accessed data on more than 16 million people. Nuñez dismissed this claim as false and confirmed that the ministry reported the incident to the CNIL, France’s data protection authority, as required by law.
In addition to notifying the CNIL, Nuñez ordered an internal administrative investigation. France’s Anti-Cybercrime Office now leads the inquiry, and judicial authorities are working to identify the perpetrators quickly. The ministry is reviewing security protocols to prevent future incidents and reassure both employees and the public.
