The Ministry of the Interior suffered an unprecedented cyberattack. Laurent Nuñez, the Interior Minister, confirmed on December 17 on Franceinfo that the incident is extremely serious, describing it as a massive attack that struck Place Beauvau.
An intrusion via email
The breach occurred overnight from Thursday, December 11 to Friday, December 12. According to the minister, someone managed to obtain a number of passwords for email inboxes and, through them, access codes for certain information systems within the ministry. Analyses show an intrusion into professional mailboxes that contained credentials, and retrieving those credentials made it possible to access various business applications.
The judicial background records processing file (TAJ) and the wanted persons file (FPR) in particular were consulted. The TAJ lists not only individuals' convictions but also aggregates all data derived from police and gendarmerie investigations, providing access to the contact details of victims or witnesses. The FPR, for its part, centralizes reports of fugitives, territory bans, and worrying disappearances.
A few dozen records could be extracted from the system, according to Laurent Nuñez, who rejected the claims circulating online that millions of data entries were exfiltrated.
A claim on BreachForums
According to Le Figaro, an individual using the alias Indra claimed responsibility for the attack on BreachForums, an English-language forum that has reappeared several times after being shut down by authorities.
In a message reported by Le Figaro, Indra says he accessed data on 16,444,373 individuals by compromising French police files. He also mentions having gained access to the EASF MI system, linked to the communication channels used by international authorities, and references DGFiP and CNAV.
The hackers give France a week to contact them in order to negotiate, threatening to gradually leak the data. So far, however, no sample of the purportedly stolen data has been released, although publishing one is common practice in this kind of hacking. Laurent Nuñez has assured that no ransom demand has been received.
A possible link with the Shiny Hunters?
According to information reported by Le Figaro, Indra claims the cyberattack was carried out in retaliation for the arrest of nearly all members of the Shiny Hunters. In June 2025, the group claimed to have launched an assault against the luxury conglomerate Kering, stealing the data of several million customers.
The identity of one of its most prominent members had made headlines in France: the French national Sébastien Raoult, barely in his twenties, who was sentenced in January 2024 in the United States to three years in prison and five million dollars in restitution. The young hacker was arrested in Rabat, Morocco, following a request from the FBI, and repatriated to France in December 2024. He was charged by French authorities with offenses against an automated data processing system upon his arrival at Roissy airport.
Admitted lapses
The Interior Minister acknowledged lapses by certain agents within the interior ministry. The breach occurred despite the precautionary rules that are regularly circulated. A few individuals who do not respect these rules can create a breach, he commented.
The ministry says it rolled out an immediate and strengthened action plan as soon as the intrusion was detected: securing the infrastructure, broadening two-factor authentication, and revoking compromised access.
Two investigations have been opened: one judicial and one administrative. The judicial inquiry, led by the Paris prosecutor's office, has been entrusted to the Office for Cybercrime (OFAC) of the National Police Judicial Directorate. The matter has also been referred to the CNIL, the French data protection authority.