Hackers threaten data dump following breach of France’s Interior Ministry

French officials have cautioned that a significant personal data breach may have occurred following a cyberattack on the information systems of the country’s Ministry of the Interior.

Hackers claim that the intrusion enabled them to obtain personal data relating to more than 16.4 million individuals. Statements asserting this were published on the criminal forum BreachForums. According to the attackers, they were able to access not only the Interior Ministry’s email infrastructure but also police databases.

Last week, French Interior Minister Laurent Nuñez confirmed that the cyberattack had taken place and acknowledged that intruders had accessed a number of internal ministry files. At the same time, he said that, at that stage, there were no signs of a massive compromise of the ministry’s systems.

Reports also cited an unidentified individual who claimed the attack was carried out in retaliation for the arrest of most members of the hacking group Shiny Hunters. According to this source, French authorities were given a one-week deadline to make contact and enter into negotiations, failing which the stolen data would be released publicly.

The same account said the hackers gained access to official email accounts, extracted passwords, and remained inside the ministry’s information systems for several days. During that time, they allegedly “viewed” the TAJ database, which contains judicial case records, and the FPR file, which lists wanted persons. Nuñez described both databases as “important for the Ministry of the Interior.”

The minister acknowledged that there had been instances of “carelessness” within the ministry but stressed that there is currently no evidence that millions of records were actually compromised. He also said the incident “does not put citizens’ lives at risk.” No ransom demand has been made. However, Nuñez emphasised that the attack was “very serious” and could, in theory, have affected ongoing investigations, although there is no confirmation that this occurred.

As previously reported, the cyberattack took place overnight between December 11 and December 12.

The incident comes against the backdrop of heightened concern in France over cyber threats. A few months earlier, French authorities publicly accused Russia’s military intelligence-linked hacking group APT28, also known as Fancy Bear, of conducting a prolonged campaign of cyberattacks against French institutions, including attempts to influence elections and disrupt national media.

Between 2021 and 2024, France’s cybersecurity agency ANSSI reported that hackers linked to Russia’s military intelligence targeted a broad range of French government bodies, private companies, and organisations connected to the Paris Olympics, underscoring persistent risks to critical infrastructure.

In response, French authorities have stepped up cybersecurity measures in recent years, including publicly attributing attacks to foreign actors and expanding cooperation with international partners, reflecting an evolving approach to increasingly frequent and complex cyber threats.

By Tamilla Hasanova