France’s Interior Ministry faced a cyberattack that lasted several days, Interior Minister Laurent Nuñez confirmed. The hackers specifically targeted professional email accounts at the Place Beauvau ministry, which employs nearly 300,000 people. The breach came to light after ministry teams detected suspicious activity on their email servers, prompting an immediate investigation. Nuñez spoke publicly about the incident on Wednesday, emphasizing the ministry’s rapid response while acknowledging the seriousness of the intrusion.
He explained that the attack allowed unauthorized access to internal email accounts and, through them, sensitive police files. While the breach has raised concerns about security and privacy, the minister reassured the public that authorities acted swiftly to contain the situation.
How Hackers Gained Access and What They Saw
Nuñez said the attackers accessed several professional email inboxes and recovered login credentials, which opened the door to restricted systems. Once inside, the intruders were able to consult multiple important police databases, including the Criminal Records Processing System (TAJ) and the Wanted Persons File (FPR).
The minister acknowledged that the full scope of the compromise remains unclear. At this stage, authorities believe that a few dozen files may have been removed from the system, though they cannot yet determine the exact impact. He also stressed that the intrusion has not endangered public safety and that officials have received no ransom demand.
Responsibility, Investigations, and Official Response
Nuñez attributed the breach to lapses in cybersecurity practices, noting that even a small number of staff failing to follow security procedures can expose the entire ministry. He said the ministry regularly reminds employees about proper digital hygiene, but human error still played a role in this attack.
The incident gained wider attention after a hacker group claimed, without evidence, that it had accessed information on more than 16 million people. Nuñez rejected these claims, calling them false. In line with legal requirements, the ministry notified the CNIL, France’s data protection authority, and Nuñez ordered an internal administrative investigation.
The French Anti-Cybercrime Office (OFAC) now leads the inquiry, while judicial authorities work to identify and hold the perpetrators accountable. The ministry continues to monitor systems closely and implement measures to prevent similar incidents in the future.
