French Government’s Secure Messaging Platform Tchap Breached in Social Engineering Attack
Hackers compromised Tchap, the French government’s secure messaging platform for public sector employees, by exploiting a user account through a social engineering attack. The breach was detected by the French Cybersecurity Agency (ANSSI) and reported by the Directorate of Digital Affairs (DINUM), prompting an alert to France’s data protection authority over potential exposure of personal data.
According to claims by the threat actors, the attack involved accessing hardcoded LDAP credentials, allowing them to exfiltrate 13.5GB of documents and media files. They also allegedly scraped nearly 650,000 messages and data from over 73,000 accounts, including email addresses and metadata.
DINUM has disabled the compromised account and is investigating the full scope of the breach. Users have been reminded that public chat rooms on Tchap are unencrypted and should not be used for sensitive communications. The incident follows a separate data breach at a French government agency last month, raising concerns about cybersecurity vulnerabilities in public sector systems.
French Government TPRM report: https://www.rankiteo.com/company/ambassade-de-france-aux-etats-unis
"id": "amb1781079954",
"linkid": "ambassade-de-france-aux-etats-unis",
"type": "Breach",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Over 73,000 accounts',
'industry': 'Public Sector',
'location': 'France',
'name': 'Tchap (French Government Secure Messaging '
'Platform)',
'type': 'Government Platform'}],
'attack_vector': 'Social Engineering',
'customer_advisories': 'Avoid using public chat rooms for sensitive '
'communications',
'data_breach': {'data_exfiltration': '13.5GB of data exfiltrated',
'file_types_exposed': ['Documents', 'Media files'],
'number_of_records_exposed': 'Over 73,000 accounts, nearly '
'650,000 messages',
'personally_identifiable_information': 'Email addresses',
'sensitivity_of_data': 'Personal data, potentially sensitive '
'government communications',
'type_of_data_compromised': ['Documents',
'Media files',
'Messages',
'Email addresses',
'Metadata']},
'description': 'Hackers compromised Tchap, the French government’s secure '
'messaging platform for public sector employees, by exploiting '
'a user account through a social engineering attack. The '
'breach was detected by the French Cybersecurity Agency '
'(ANSSI) and reported by the Directorate of Digital Affairs '
'(DINUM), prompting an alert to France’s data protection '
'authority over potential exposure of personal data. The '
'threat actors claimed to have accessed hardcoded LDAP '
'credentials, exfiltrating 13.5GB of documents and media '
'files, and scraping nearly 650,000 messages and data from '
'over 73,000 accounts, including email addresses and metadata.',
'impact': {'brand_reputation_impact': 'Raised concerns about cybersecurity '
'vulnerabilities in public sector '
'systems',
'data_compromised': '13.5GB of documents and media files, nearly '
'650,000 messages, data from over 73,000 '
'accounts (email addresses and metadata)',
'systems_affected': 'Tchap secure messaging platform'},
'initial_access_broker': {'entry_point': 'Social engineering attack on a user '
'account'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': 'Exploitation of hardcoded LDAP '
'credentials, social engineering '
'attack'},
'ransomware': {'data_exfiltration': 'Yes'},
'recommendations': 'Avoid using public chat rooms on Tchap for sensitive '
'communications',
'references': [{'source': 'French Cybersecurity Agency (ANSSI)'},
{'source': 'Directorate of Digital Affairs (DINUM)'}],
'regulatory_compliance': {'regulatory_notifications': 'Alert to France’s data '
'protection authority'},
'response': {'communication_strategy': 'Users reminded that public chat rooms '
'on Tchap are unencrypted and should '
'not be used for sensitive '
'communications',
'containment_measures': 'Disabled the compromised account'},
'stakeholder_advisories': 'Users reminded about unencrypted public chat rooms',
'title': 'French Government’s Secure Messaging Platform Tchap Breached in '
'Social Engineering Attack',
'type': 'Data Breach',
'vulnerability_exploited': 'Hardcoded LDAP credentials'}