Skip to content
Data breachContained

Leak at the French Ministry of the Interior

In December 2025, attackers compromised professional email accounts at France's Ministry of the Interior and accessed sensitive police files including the TAJ criminal-records and FPR wanted-persons databases; the ministry confirmed a few dozen files were exfiltrated while attackers claimed data on 16.4 million people.

Victim
French Ministry of the Interior

On 13 December 2025, France's Ministry of the Interior (Place Beauvau) — the central government department overseeing the national police, gendarmerie and internal security — disclosed that it had suffered a serious intrusion into its information systems. The breach was detected overnight between 11 and 12 December and confirmed publicly by Interior Minister Laurent Nuñez, who acknowledged that "a number of files important to us could be consulted."

The attackers gained a foothold by compromising professional email inboxes and recovering access credentials, which let them reach internal systems over the course of several days. From there they were able to consult highly sensitive law-enforcement databases. The minister attributed the initial compromise to human "carelessness" with security procedures rather than a sophisticated technical exploit.

Files and data reported as accessed include:

  • The TAJ (Traitement des Antécédents Judiciaires) criminal-records database
  • The FPR (Fichier des Personnes Recherchées) wanted-persons file
  • Various internal documents and email content from compromised mailboxes

There was a sharp discrepancy over scale: on the BreachForums marketplace, threat actors claimed to have stolen data on 16,444,373 people from French police records and gave authorities roughly a week to negotiate before publishing. The ministry disputed these figures, stating that only a few dozen files were confirmed to have been exfiltrated. No ransom demand was acknowledged by officials.

A judicial investigation was opened, and on 17 December 2025 French authorities arrested a 22-year-old suspect (born 2003, with a prior 2025 conviction for similar offences), charged with unauthorised access to an automated personal-data processing system as part of an organised group. The incident was contained and the investigation remained ongoing at the time of reporting.

Sources

  1. rtl.frhttps://www.rtl.fr/actu/justice-faits-divers/un-assaillant-a-pu-penetrer-sur-un-certain-nombre-de-fichiers-sur-rtl-laurent-nu-ez-confirme-une-attaque-informatique-au-ministere-de-l-interieur-7900577003
  2. euronews.comhttps://www.euronews.com/2025/12/17/french-interior-ministry-targeted-in-massive-cyberattack-minister-confirms
  3. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/france-arrests-suspect-tied-to-cyberattack-on-interior-ministry/
  4. therecord.mediahttps://therecord.media/france-interior-ministry-email-breach-investigation
  5. cybernews.comhttps://cybernews.com/security/france-interior-ministry-beauvau-data-breach/

Related incidents

Data breachUnknown

Leak at justice.fr

On 22 December 2025 a database attributed to the French justice system (justice.fr) recirculated online, exposing personal, professional and banking data — including IBAN/BIC — of 1,100+ magistrates, judges, lawyers and judicial staff.

Victim
justice.fr
Data breachContained

Leak at the French Ministry of Sports

On 19 December 2025 France's Ministry of Sports confirmed a breach of a system tied to the Pass'Sport aid scheme, exposing data on about 3.5 million households — names, dates of birth, contact details, social security, INE and CAF numbers — published on a criminal forum.

Victim
French Ministry of Sports
Data breachContained

Leak at France Travail

On 1 December 2025, France Travail and the Missions Locales network disclosed that an attacker who hijacked a local-mission agent's account accessed records of about 1.6 million young people, exposing names, dates of birth, social security numbers and contact details.

Victim
France Travail
Records
1.6M