**Cyberattack Claim Targets French Family Benefits Agency (CAF) Amid Hacker’s Escalating Threats**
A hacker known as Indra, who previously claimed responsibility for a cyberattack on France’s Interior Ministry, has now alleged a breach of the Caisse d’Allocations Familiales (CAF), the national family benefits agency. In a post on the cybercriminal forum Breachforums late yesterday, the hacker asserted access to 15 GB of data—reportedly containing 22 million lines of personal information on nearly 4 million beneficiaries. The leaked files, reviewed by BFMTV, include names, birthdates, email addresses, and phone numbers of individuals registered with the CAF between September 2022 and November 2025. Indra framed the attack as a "Christmas gift to France."
The CAF swiftly denied the claims, stating that no intrusion or vulnerability had been detected in its systems. In an official response, the agency insisted its infrastructure remains secure and that the exposed data did not originate from its own databases. Instead, the CAF suggested the information may have been sourced from other public services with which it exchanges data, though it confirmed no technical breach of its information flows. Notably, the agency emphasized that no banking details or passwords were included in the leaked files.
The same Indra account had earlier claimed responsibility for compromising the Interior Ministry’s systems, including sensitive police databases like the Traitement des Antécédents Judiciaires (TAJ) and the Fichier des Personnes Recherchées (FPR). That attack was reportedly executed by hijacking personal email accounts of ministry employees. Authorities arrested a 22-year-old suspect in connection with the Interior Ministry breach just hours before the CAF-related post appeared, though the origin of the CAF data remains unconfirmed.
While the CAF maintains its systems were not breached, the authenticity of the leaked data raises questions about the broader security of interconnected public-sector networks. Investigations into both incidents are ongoing.
Ministère de l'Intérieur TPRM report: https://www.rankiteo.com/company/ministere-de-l-interieur
Caisse d'Allocations Familiales TPRM report: https://www.rankiteo.com/company/caf-allocations-familiales
"id": "mincaf1766073386",
"linkid": "ministere-de-l-interieur, caf-allocations-familiales",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"{'affected_entities': [{'customers_affected': 'Nearly 4 million allocataires',
'industry': 'Social Services',
'location': 'France',
'name': "Caisse d'Allocations Familiales (CAF)",
'type': 'Government Agency'}],
'attack_vector': 'Compromised employee personal accounts (alleged)',
'customer_advisories': 'CAF issued a public statement denying the breach and '
'clarifying data origin',
'data_breach': {'data_exfiltration': 'Yes (15 GB of data published)',
'number_of_records_exposed': '22 million lines of information '
'(allegedly 4 million '
'allocataires)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personally identifiable '
'information)',
'type_of_data_compromised': ['Names',
'First names',
'Dates of birth',
'Emails',
'Phone numbers']},
'description': 'Hacker Indra claimed to have compromised the systems of the '
"Caisse d'Allocations Familiales (CAF) and published 15 GB of "
'data containing personal information of nearly 4 million '
'allocataires. CAF denies any intrusion into its systems, '
'suggesting the data may originate from other public services.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure',
'data_compromised': '15 GB of data, 22 million lines of '
'information',
'identity_theft_risk': 'High (personal data exposed)',
'payment_information_risk': 'None (no banking data or passwords '
'exposed)'},
'initial_access_broker': {'entry_point': 'Alleged compromise of employee '
'personal accounts (Ministry of '
'Interior attack)'},
'investigation_status': 'Ongoing (22-year-old suspect arrested)',
'motivation': 'Unknown (possibly financial gain or disruption)',
'references': [{'source': 'BFMTV'},
{'source': 'Breachforums (cybercrime forum)'}],
'regulatory_compliance': {'legal_actions': 'Investigation opened for '
"'atteinte à un système de "
'traitement automatisé de données '
'à caractère personnel mis en '
"œuvre par l'Etat en bande "
"organisée'"},
'response': {'communication_strategy': 'Public denial of breach, '
'clarification on data origin',
'law_enforcement_notified': 'Yes (investigation ongoing)'},
'threat_actor': 'Indra',
'title': "Alleged Cyberattack on Caisse d'Allocations Familiales (CAF) by "
'Hacker Indra',
'type': 'Data Breach'}