France’s digital affairs directorate, DINUM, has warned that hackers breached Tchap, the French government’s encrypted messaging platform, after gaining access through a hijacked user account.
Tchap was developed by DINUM in partnership with ANSSI, France’s cybersecurity agency, in 2018. The platform is based on the decentralized Matrix protocol and is designed for use by the French public sector. It works as a secure instant messaging and collaboration tool for government employees.
The service has grown to more than 300,000 monthly users and has been downloaded over 500,000 times from Google’s Play Store. Its use increased after Prime Minister François Bayrou ordered civil servants to use Tchap for work communications and banned foreign messaging apps for official use in August 2025.
DINUM said ANSSI detected the breach on Sunday. According to the agency, the attacker accessed the platform using a compromised user account. The incident has also been reported to CNIL, France’s data protection authority, because some personal data shared in conversations may have been exposed.
The agency said the account used in the attack has been identified and blocked to cut off the attacker’s access. Investigators are now reviewing event logs to understand which conversations were accessed and what data may have been taken.
DINUM also sent a message to all Tchap users reminding them that public chat rooms can be found and joined by any user and that their content is not encrypted. The agency said personal, sensitive, or confidential information should not be shared in public rooms and should only be exchanged in private conversations.
DINUM has not shared further technical details about the breach. However, a threat actor claimed responsibility for the incident over the weekend and said they gained access after using social engineering to compromise a valid account on the education shard of the platform.
The attacker claimed they were able to access more than 13.5GB of documents and media files shared by public servants on Tchap. They also claimed to have scraped nearly 650,000 messages and information linked to more than 73,000 accounts, including email addresses, organization details, meeting links, and device metadata.
The same actor also alleged that files shared on Tchap could be downloaded without a token if a media URL was available from a message. These claims have not been independently confirmed by DINUM.
The incident comes shortly after French authorities detained a 15-year-old suspected of selling data stolen during an April cyberattack on ANTS, the French agency responsible for issuing and managing official identity and registration documents.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
