In December 2025, France’s Interior Ministry faced a significant cyberattack that exposed sensitive data, including judicial records and personal information. The breach occurred between December 11 and 12, when attackers accessed professional email accounts of ministry personnel, allowing them to retrieve access codes and gain entry into internal systems. (euronews.com)
The compromised databases included the Criminal Records Processing System (TAJ), containing approximately 17 million records on individuals involved in crimes or offenses, and the Wanted Persons File (FPR), which holds sensitive data on individuals considered risks to national security. (lemonde.fr)
Interior Minister Laurent Nuñez confirmed the intrusion, stating that “a few dozen files” were removed from the system, but emphasized the uncertainty regarding the full extent of the breach. He attributed the incident to lapses in security protocols, noting that some individuals failed to adhere to established safety rules. (euronews.com)
Dont let data threats slow you downTrueNAS offers enterprise-level protection.
The cyberattack has raised concerns about the ministry’s cybersecurity measures, particularly the lack of two-factor authentication, which the ministry now plans to implement across departments. (lemonde.fr)
In response to the breach, French authorities have initiated multiple investigations. A judicial inquiry led by the Paris prosecutor’s office aims to identify the perpetrators, while an administrative probe seeks to assess the scope of the breach. The National Commission on Informatics and Liberty (CNIL) has also been informed. (franceinenglish.com)
On December 17, 2025, a 22-year-old man was arrested in connection with the cyberattack. He faces charges, including unauthorized access to a state-run automated personal data processing system, with a potential sentence of up to 10 years in prison. (thecyberexpress.com)
The breach has underscored the need for enhanced cybersecurity measures within government agencies. The French National Cybersecurity Agency (ANSSI) is collaborating with the ministry to implement emergency response measures, including widespread deployment of multi-factor authentication, revocation of compromised credentials, forced password resets, infrastructure hardening, and reinforced access controls across affected systems. (therealistjuggernaut.com)
This incident serves as a stark reminder of the vulnerabilities inherent in governmental cybersecurity infrastructures and the critical importance of robust security protocols to protect sensitive data.
Be the first to comment