France confirms cyberattack on Interior Ministry systems as hackers claim massive data exposure

French authorities confirmed this week that the Ministry of the Interior suffered a serious cyberattack that allowed unauthorized access to internal systems, as attackers publicly claimed to have obtained sensitive data tied to millions of citizens. The ministry acknowledged a malicious intrusion affecting professional accounts but disputed claims that data on a large portion of the population was exposed.

The attack came to light after a post appeared earlier this week on Breachforums, a data leak site that has repeatedly resurfaced after law enforcement takedowns. In the post, attackers said they had penetrated multiple systems operated by the Ministry of the Interior, also known as Beauvau, and claimed to possess data on 16.4 million French citizens. The attackers framed the intrusion as retaliation for recent arrests of members of the ShinnyHunters or hollow cybercrime group while simultaneously issuing financial demands tied to the alleged data.

The Ministry of the Interior confirmed that it detected a malicious intrusion and said the incident is being handled at the highest level of government. Initial technical findings show that attackers were able to view a limited number of professional email accounts. Authorities said investigations are ongoing to determine the precise scope, nature, and volume of data affected.

Interior Minister Laurent Nuñez described the incident as very serious and confirmed that systems including the Criminal Records Processing System, known as TAJ, and the Wanted Persons File, or FPR, were accessed. Those databases contain sensitive law enforcement and judicial information. Nuñez said that, at this stage, only a few dozen files have been confirmed as removed from the systems, contradicting claims that millions of records were exfiltrated.

“There was an intrusion, and that means our obligation to guarantee the highest possible level of protection was not fully met,” Nuñez said. He added that the government does not yet know the full extent of the breach or what data may have been extracted and expressed concern about the potential consequences if any stolen information were to be leaked.

The ministry said the intrusion appears to have involved compromised credentials. Attackers were able to recover access codes from certain professional inboxes where passwords had been exchanged in plain text, despite internal security rules. The Interior Ministry employs roughly 300,000 staff members, and officials said the exposure was limited to specific accounts rather than a system-wide compromise.

Attackers claimed access to a range of sensitive systems, including law enforcement databases, internal financial and pension-related data, and communication platforms used by authorities. They also alleged access to systems linked to international police cooperation. While the claims included references to large-scale exposure of personally identifiable information and criminal records, authorities said there is currently no verified evidence supporting assertions of mass data exfiltration.

French officials said all necessary measures have been taken to contain the intrusion and reinforce the security of the ministry’s information systems. A judicial investigation is underway to identify those responsible and bring them to justice.

Despite the attackers’ public ultimatum demanding payment in exchange for deleting the data, the Interior Ministry said it has not received any confirmed ransom demand through official channels. The attackers later removed their initial post, citing technical issues affecting the forum.

France has faced a series of high-profile cyber incidents in recent years, underscoring the persistent targeting of government bodies, large institutions, and major organizations. Authorities said further updates will be provided as technical and judicial investigations progress and as the full impact of the Interior Ministry intrusion becomes clearer.