France’s Interior Ministry suffered a cyberattack that lasted several days, Interior Minister Laurent Nuñez confirmed. The attackers targeted professional email accounts at the Place Beauvau ministry, which employs nearly 300,000 people. The breach allowed unauthorized access to sensitive internal files, prompting swift action once the intrusion was discovered. Nuñez acknowledged the severity of the incident but emphasized that authorities responded quickly and are now working to fully understand the scope of the attack.
The attack came after internal teams noticed unusual activity within the ministry’s email servers, and the situation quickly escalated to a national cybersecurity concern. While the breach exposed some sensitive information, officials stressed that the safety of French citizens was never at risk.
How Hackers Gained Access
According to Nuñez, the attackers exploited weaknesses in a small number of professional email accounts and obtained login credentials. These credentials allowed them to access key police databases, including the Criminal Records Processing System (TAJ) and the Wanted Persons File (FPR). At this point, investigators cannot fully determine the number of files affected, though only a few dozen appear to have been removed from the system so far.
The minister explained that it remains unclear whether the intrusion will affect ongoing investigations. He stressed, however, that the breach did not endanger public safety and that no ransom demands had been made. Authorities are continuing to assess the full impact on ministry operations and data integrity.
Responsibility and Official Response
Nuñez attributed the breach to human error, pointing out that staff regularly receive reminders about cybersecurity rules. Even a small number of people neglecting procedures can compromise the entire system, he said. The ministry has since reinforced its internal protocols to prevent further incidents.
Last week, media reports revealed the unusual activity in the ministry’s email servers, and a hacker group later claimed—without providing evidence—that they had accessed data on over 16 million people. Nuñez dismissed these claims as false and confirmed that the ministry reported the incident to the CNIL, France’s data protection authority, as required by law. He also launched an internal administrative investigation.
France’s Anti-Cybercrime Office now leads the official investigation, while judicial authorities work to identify the perpetrators and bring them to justice as quickly as possible. The ministry continues to monitor the situation closely, ensuring all steps are taken to protect sensitive information and maintain public trust.
