Interministerial Directorate for Digital Affairs, French Government, Ministry of Finance, Ministry of Interior, Ministry of Education and Ministry of Defense: Tchap Messenger Breach Exposes Data of 73,000+ French Government Employees

Interministerial Directorate for Digital Affairs, French Government, Ministry of Finance, Ministry of Interior, Ministry of Education and Ministry of Defense: Tchap Messenger Breach Exposes Data of 73,000+ French Government Employees

French Government’s Secure Messaging Platform Tchap Breached, 13.51 GB of Data Exfiltrated

A threat actor operating under the alias misere has claimed responsibility for compromising Tchap, the encrypted messaging platform used by the French government, allegedly stealing 13.51 GB of sensitive internal data. The breach, detected by France’s national cybersecurity agency (ANSSI) on June 7, 2026, targeted the platform’s education ministry shard (matrix.agent.education.tchap.gouv.fr) via a hijacked user account obtained through social engineering.

Developed by the Interministerial Directorate for Digital Affairs (DINUM) and built on the Matrix/Synapse open-source protocol, Tchap was mandated for all French public officials in September 2025 as a sovereign alternative to commercial apps like Signal and WhatsApp. With over 825,000 registered civil servants across ministries, the platform supports end-to-end encryption for private conversations but leaves public chat rooms unencrypted.

The attacker exploited Tchap’s non-shard-isolated user directory, allowing them to enumerate 73,467 government accounts across all ministries. From the compromised education ministry account, they scraped 643,459 messages from accessible rooms, 876 discussion channels, and 59,386 media files including 90 instances of "Diffusion Restreinte", France’s restricted government classification level. Exposed data also included internal Zoom and Webex meeting links, device metadata, and communications from key ministries, including Interior, Finance, Defense, Justice, and National Education.

DINUM confirmed that the breach exposed personal data such as full names, government email addresses, organizational affiliations, and profile avatars. While private messages remained encrypted, the incident highlighted a critical flaw: public rooms on Matrix-based platforms are accessible to any authenticated user, meaning a single compromised account could harvest vast amounts of sensitive data without exploiting software vulnerabilities.

Upon discovery, DINUM blocked the compromised account and launched an investigation with ANSSI. The agency also notified France’s data protection authority (CNIL) and issued a platform-wide alert to users, emphasizing the lack of encryption in public chat rooms. French officials have since maintained that the confidentiality of private messages was not compromised.

Source: https://cyberpress.org/tchap-messenger-breach-exposes/

Direction interministérielle du numérique (DINUM) cybersecurity rating report: https://www.rankiteo.com/company/direction-interministerielle-du-numerique-dinum

The French Institute in India cybersecurity rating report: https://www.rankiteo.com/company/ifiofficiel

French Ministry for Armed Forces cybersecurity rating report: https://www.rankiteo.com/company/french-ministry-of-armed-forces

"id": "DIRIFIFRE1781260189",
"linkid": "direction-interministerielle-du-numerique-dinum, ifiofficiel, french-ministry-of-armed-forces",
"type": "Breach",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '73,467 government accounts '
                                              'enumerated, multiple ministries '
                                              'impacted',
                        'industry': 'Public Sector',
                        'location': 'France',
                        'name': 'French Government (DINUM - Interministerial '
                                'Directorate for Digital Affairs)',
                        'size': '825,000 registered civil servants',
                        'type': 'Government'}],
 'attack_vector': 'Social Engineering',
 'data_breach': {'data_encryption': 'Private messages remained encrypted; '
                                    'public chat rooms were unencrypted',
                 'data_exfiltration': '13.51 GB of data stolen',
                 'file_types_exposed': 'Media files, messages, meeting links',
                 'number_of_records_exposed': '643,459 messages, 59,386 media '
                                              'files, 73,467 accounts '
                                              'enumerated',
                 'personally_identifiable_information': 'Full names, '
                                                        'government email '
                                                        'addresses, '
                                                        'organizational '
                                                        'affiliations, profile '
                                                        'avatars',
                 'sensitivity_of_data': "High (includes 'Diffusion Restreinte' "
                                        'classified data)',
                 'type_of_data_compromised': 'Messages, media files, internal '
                                             'meeting links, device metadata, '
                                             'government communications, '
                                             'personally identifiable '
                                             'information'},
 'date_detected': '2026-06-07',
 'description': 'A threat actor operating under the alias *misere* compromised '
                'Tchap, the encrypted messaging platform used by the French '
                'government, allegedly stealing 13.51 GB of sensitive internal '
                'data. The breach targeted the platform’s education ministry '
                'shard via a hijacked user account obtained through social '
                'engineering. The attacker exploited Tchap’s '
                'non-shard-isolated user directory to enumerate 73,467 '
                'government accounts and scraped 643,459 messages, 876 '
                'discussion channels, and 59,386 media files, including 90 '
                "instances of 'Diffusion Restreinte' (France’s restricted "
                'government classification level).',
 'impact': {'brand_reputation_impact': 'Damage to trust in sovereign secure '
                                       'messaging platform',
            'data_compromised': '13.51 GB of sensitive internal data, '
                                'including 643,459 messages, 876 discussion '
                                'channels, 59,386 media files, and 90 '
                                "instances of 'Diffusion Restreinte'",
            'identity_theft_risk': 'Exposure of full names, government email '
                                   'addresses, organizational affiliations',
            'operational_impact': 'Platform-wide alert issued, compromised '
                                  'account blocked',
            'systems_affected': 'Tchap (matrix.agent.education.tchap.gouv.fr '
                                'shard)'},
 'initial_access_broker': {'entry_point': 'Hijacked user account via social '
                                          'engineering',
                           'high_value_targets': 'Education ministry shard, '
                                                 'other ministries (Interior, '
                                                 'Finance, Defense, Justice, '
                                                 'National Education)'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Critical flaw in public room accessibility on '
                    'Matrix-based platforms; need for shard isolation and '
                    'encryption in public chat rooms',
 'post_incident_analysis': {'corrective_actions': 'Blocked compromised '
                                                  'account, launched '
                                                  'investigation, notified '
                                                  'CNIL, issued platform-wide '
                                                  'alert',
                            'root_causes': 'Non-shard-isolated user directory, '
                                           'unencrypted public chat rooms, '
                                           'compromised account via social '
                                           'engineering'},
 'recommendations': 'Implement shard isolation, enforce encryption for public '
                    'chat rooms, enhance user authentication and monitoring',
 'references': [{'source': 'ANSSI (France’s national cybersecurity agency)'}],
 'regulatory_compliance': {'regulatory_notifications': 'CNIL notified'},
 'response': {'communication_strategy': 'Notification to CNIL, alert to users '
                                        'about unencrypted public chat rooms',
              'containment_measures': 'Compromised account blocked',
              'incident_response_plan_activated': 'Yes',
              'remediation_measures': 'Investigation launched with ANSSI, '
                                      'platform-wide alert issued'},
 'stakeholder_advisories': 'Platform-wide alert to users about unencrypted '
                           'public chat rooms',
 'threat_actor': 'misere',
 'title': 'French Government’s Secure Messaging Platform Tchap Breached, 13.51 '
          'GB of Data Exfiltrated',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Non-shard-isolated user directory, unencrypted '
                            'public chat rooms'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.