France’s Interior Ministry suffered a cyberattack that lasted several days, Interior Minister Laurent Nuñez confirmed. The attackers specifically targeted professional email accounts at the Place Beauvau ministry, which employs nearly 300,000 people. Nuñez revealed the incident during an interview on Franceinfo, describing it as a “malicious intrusion” that authorities discovered only after noticing unusual activity in the ministry’s email systems. While the breach exposed sensitive internal files, the minister stressed that officials acted quickly to contain the situation and begin an investigation.
According to Nuñez, the attack allowed hackers to access internal police databases and potentially remove some files. The intrusion highlighted vulnerabilities in the ministry’s security protocols, even though staff regularly receive reminders about proper cybersecurity procedures. The breach underscores how a few lapses in following rules can expose an entire institution to significant risk.
How Hackers Accessed Sensitive Data
The attackers gained access by targeting several professional email inboxes and recovering login credentials. Once inside, they could consult multiple important police files, including the Criminal Records Processing System (TAJ) and the Wanted Persons File (FPR). Nuñez admitted that investigators still cannot determine the full scope of the intrusion, though early assessments suggest only a few dozen files may have been removed.
The minister emphasized that the breach has not endangered ongoing investigations or public safety. No ransom demand accompanied the attack, he added. Authorities continue to review what information the hackers could have accessed, while implementing additional measures to strengthen internal security and prevent similar breaches in the future.
Official Response and Ongoing Investigation
The incident first came to public attention after BFMTV reported suspicious activity affecting the ministry’s email servers. Following the breach, a hacker group claimed—without providing evidence—that they had accessed data on more than 16 million people. Nuñez rejected these claims as false.
The ministry has notified the CNIL, France’s data protection authority, as required by law, and Nuñez ordered an internal administrative review. Meanwhile, France’s Anti-Cybercrime Office (OFAC) is leading the investigation, and judicial authorities are working to identify the perpetrators as quickly as possible. The attack has prompted the ministry to reexamine its security protocols and reinforce the importance of careful adherence to cybersecurity procedures.
