France’s Interior Ministry suffered a cyberattack that lasted several days, targeting its internal email system, Interior Minister Laurent Nuñez confirmed. The ministry, located at Place Beauvau and employing nearly 300,000 staff, discovered the intrusion after detecting unusual activity in professional email accounts. Nuñez spoke publicly about the incident on Wednesday, acknowledging the seriousness of the breach while assuring that authorities moved quickly to contain it. The attackers gained unauthorized access to sensitive police files, raising concerns about data security and the potential impact on law enforcement operations.
The minister emphasized that the attack did not endanger public safety, and so far, no ransom demand has appeared. While the intrusion was significant, officials are still working to determine exactly how many files the hackers accessed or removed.
How Hackers Gained Access
According to Nuñez, the attackers entered the system by targeting specific professional email inboxes and recovering login credentials. Once inside, they could view several important police databases, including the Criminal Records Processing System (TAJ) and the Wanted Persons File (FPR). Investigators continue to assess the full scope of the breach, but early indications suggest that only a few dozen files may have been extracted.
Nuñez stressed that it remains unclear whether this attack will affect ongoing police investigations. However, he reassured the public that the incident has not compromised the safety of citizens. The breach demonstrates how quickly cyber intrusions can escalate when basic security protocols are overlooked.
Response and Investigation Efforts
The minister attributed the breach largely to human error, noting that even when staff regularly receive reminders about security procedures, a few lapses can expose the entire system. Last week, BFMTV reported suspicious activity on the ministry’s email servers, and a group of hackers claimed—without evidence—to have accessed data for more than 16 million people. Nuñez firmly rejected that claim as false.
In response to the breach, the ministry informed CNIL, France’s data protection authority, as required by law. Nuñez also ordered an administrative investigation to review internal procedures and prevent future attacks. Meanwhile, France’s Anti-Cybercrime Office (OFAC) now leads the criminal investigation, working alongside judicial authorities to identify and prosecute the perpetrators.
The attack underscores the growing threat of cybercrime to even the most secure government institutions and highlights the importance of rigorous adherence to security protocols across large organizations.
