French government messaging platform Tchap breached in cyber attack

The French government’s internal encrypted messaging service, Tchap, has been compromised in a significant cyber security breach. The French National Cybersecurity Agency (ANSSI) confirmed the compromise on June 7, triggering an immediate investigation by the French Digital Affairs Directorate (DINUM), which developed and manages the application.

A threat actor has claimed responsibility for the intrusion, alleging the theft of nearly 14GB of documents, hardcoded LDAP credentials, email addresses, and meeting links shared by public servants. While DINUM confirmed that the account behind the attack has been identified and blocked, the full extent of the data extraction remains under investigation.

Tchap, launched in 2019 and built on the Matrix protocol, is a state-owned platform designed exclusively for the French public sector. It provides end-to-end encryption for private conversations; however, it does not encrypt public chatrooms. Following the breach, a message was sent to all users reminding them of this distinction, as reports indicate the threat actor shared some of the stolen files from these unencrypted channels.

The incident occurs against a backdrop of France’s accelerating push for digital sovereignty. The government is actively moving away from foreign software, having recently ditched Windows for Linux on government workstations. Plans are underway to replace Zoom and Microsoft Teams with homegrown alternatives by next year, alongside broader European efforts to reduce reliance on US tech giants.

The EU is reportedly planning to stop using Google as its default in-house search engine, with France-developed Quaint set to take its place. While the specific origin of the breach has not been publicly disclosed by authorities, the event highlights the complexities of maintaining secure, domestic infrastructure in an increasingly hostile digital landscape.