France’s Interior Ministry suffered a cyberattack that lasted several days, Interior Minister Laurent Nuñez revealed. Hackers targeted professional email accounts within the Place Beauvau ministry, which employs nearly 300,000 people. The intrusion allowed them to access sensitive police files, triggering a swift response from ministry officials. Nuñez confirmed the breach publicly on Wednesday, explaining that authorities immediately launched a judicial investigation to identify the perpetrators and contain the damage. While the full impact remains uncertain, the incident has highlighted vulnerabilities within the ministry’s digital infrastructure.
How Hackers Accessed Critical Systems
According to Nuñez, the attackers gained entry by compromising several professional email inboxes and retrieving login credentials. With these credentials, they could consult internal files, including highly sensitive police databases. Among the records accessed were the Criminal Records Processing System (TAJ) and the Wanted Persons File (FPR). Although investigators have not yet determined the full scope of the breach, they suspect that a few dozen files may have been removed.
The minister emphasized that authorities cannot yet say whether the intrusion affected ongoing investigations. However, he reassured the public that the breach did not put anyone’s life in danger. Officials confirmed that the hackers did not make any ransom demands, indicating that the attack’s motive may have been information gathering rather than financial gain.
Accountability, Denials, and Ongoing Investigations
Nuñez attributed the breach to human error despite regular reminders about cybersecurity protocols. He noted that even a few individuals failing to follow security rules can create significant vulnerabilities for an organization of this size. The ministry first noticed unusual activity last week, which BFMTV reported. Shortly afterward, a hacker group claimed—without evidence—that it had accessed data from more than 16 million people. Nuñez denied these claims, calling them false.
The ministry formally notified CNIL, France’s data protection authority, as required by law, and Nuñez ordered an internal administrative investigation. France’s Anti-Cybercrime Office (OFAC) now leads the inquiry, working alongside judicial authorities to track down those responsible. The incident has prompted renewed scrutiny of the ministry’s cybersecurity measures, emphasizing the challenges large organizations face in protecting sensitive digital information.
