SYS::ONLINE
Wasteland.
Briefs1244
Issues19
SinceFeb 2026
LIVE
▣ Breach FRENCH-GOVERNMENT- 2026-07-18

French Government Tchap: Threat Actor Claims Mass Data Access

"France's government secure messaging platform Tchap has been compromised, according to a disclosure confirmed by French officials after France's National Cybersecurity Agency (ANSSI) detected suspicious activity and the…"

France's government secure messaging platform Tchap has been compromised, according to a disclosure confirmed by French officials after France's National Cybersecurity Agency (ANSSI) detected suspicious activity and the French Digital Affairs Directorate (DINUM) opened an investigation. Officials contend the exposure was limited to public chat rooms, while a threat actor claims access to far more: over 73,000 user accounts, roughly 643,000 messages, nearly 60,000 media files, and hundreds of chat rooms. The gap between the two narratives is now the central question of the incident.

What Happened

The chain began when ANSSI flagged suspicious activity on Tchap, the Matrix-based messaging application built for French public officials and civil servants. DINUM took over the investigation and, in its initial assessment, concluded the attacker reached only public chat rooms accessible to any Tchap user. That framing was quickly disputed. A cyber criminal stepped forward claiming responsibility and provided detailed figures that contradict the official account, asserting a far broader compromise of accounts, messages, and stored media. Investigators are still working through server logs to establish the true scope, and the two versions of events have not yet been reconciled.

What Was Taken

The threat actor claims to have pulled a substantial trove: more than 73,000 user accounts, approximately 643,000 messages, close to 60,000 media files, and hundreds of chat rooms. Most concerning, the actor alleges the data includes documents marked "Diffusion Restreinte," a French government restricted-distribution classification, which would place sensitive official material in the exposure. The actor also claims that user enumeration was possible through a directory search function, meaning attackers could confirm which officials hold accounts. French officials counter that private conversations remain encrypted even when an account is compromised and were not exposed, while acknowledging to data protection watchdog CNIL that personal information in public chat rooms may have been affected.

Why It Matters

Tchap exists precisely because France wanted government communications off commercial platforms and under national control. A breach of that platform, whatever its final scope, undercuts the core value proposition of a sovereign secure-messaging system. Even the government's own limited-exposure narrative concedes that personal data tied to public rooms was affected and warranted a regulator notification. If the threat actor's claims hold, the presence of restricted-distribution documents and a working user-enumeration path would elevate this from a privacy incident to a national security concern, exposing both the identities of officials and the contents of their work. For defenders everywhere, the episode is a reminder that "secure" platforms still carry conventional application-layer risk in their directory services, room permissions, and metadata.

The Attack Technique

The precise intrusion vector has not been confirmed, and investigators are still parsing logs. The strongest technical detail so far is the actor's claim that a directory search function enabled user enumeration, which points to abuse of legitimate application features rather than a break in the underlying encryption. That pattern, harvesting accessible public rooms and enumerable user data through intended functionality, would explain how officials can maintain that private end-to-end encrypted conversations stayed protected while the actor simultaneously claims a large haul. The dispute over volume likely turns on how much content was reachable through public rooms and exposed directory functions versus genuinely private channels.

What Organizations Should Do

Sources: French Government Hacked! Tchap Messaging App Compromised - What You Need to Know (2026)

TWEET: Tchap breached; actor claims 73K accounts, 643K messages, 60K media files. France says only public rooms hit. Full breakdown: https://wasteland.me/intel/french-government-tchap-breach #CyberSecurity #ThreatIntel