French authorities arrested a 22-year-old man on 17 December in connection with a cyberattack that breached France’s Ministry of the Interior email servers earlier this month. Prosecutors said the suspect was taken into custody by the cybercrime unit of the Paris public prosecutor’s office and faces charges that include unauthorised access to an automated personal data processing system operated by the state under an organised group. The offence could carry a prison term of up to 10 years under French law. The individual is already known to law enforcement and was previously convicted of similar computer-related offences in 2025.
The arrest follows technical and judicial inquiries into the breach of the ministry’s internal email systems, which was first detected between December 11 and 12. Officials confirmed that attackers gained access to some document files stored on the compromised servers. Interior Minister Laurent Nuñez stated that authorities have implemented additional security controls following the incident, while investigations continue to determine the full extent of the breach and whether sensitive data was compromised.
The Paris public prosecutor’s office said the investigation remains active and provided limited details about the suspect’s prior convictions. Prosecutors did not disclose the specific nature of earlier offences but confirmed that the individual is the subject of ongoing proceedings related to the cyberattack. Investigators from France’s Office for Combating Cybercrime (known by its French acronym OFAC) are leading the inquiry, and an official statement is expected at the end of the suspect’s police custody period, which can last up to 48 hours.
The breach prompted heightened scrutiny of the ministry’s email infrastructure, which serves as a core communication channel for staff. Officials have not publicly confirmed any large-scale data theft, though the intrusion allowed unauthorised viewing of certain internal files. Cybersecurity measures were tightened in response, including strengthened access controls and system monitoring. The ministry has reaffirmed its commitment to bolstering defences and working with national cybersecurity authorities to prevent similar incidents.
Public discussion of the breach on internet forums included claims by individuals on the BreachForums hacking platform that they were responsible for the attack and that they had accessed millions of records from police databases. These assertions have not been verified by French authorities and remain under investigation. The government has not confirmed any link between the arrested suspect and posts on hacking forums, and officials continue to investigate all leads in the probe.
Interior Minister Nuñez described the attack as a serious incident given the sensitivity of the systems affected and the potential for access to confidential information. He said the ministry’s technical teams are working with the French National Cybersecurity Agency to analyse the methods used by the attackers and to reinforce security protocols across government systems. The ministry also reported the incident to France’s data protection regulator as required by law, and judicial and administrative investigations are progressing in parallel.
Law enforcement officials emphasised that attributing responsibility for the attack is a complex process, and they declined to speculate on the involvement of organised cybercrime groups until more evidence is available. The ongoing inquiry reflects broader concerns about the vulnerability of government networks to sophisticated cyber threats and the challenges authorities face in both defending critical infrastructure and pursuing legal action against individuals suspected of carrying out such attacks.
The arrest highlights ongoing efforts by French authorities to identify and hold accountable individuals responsible for cyberattacks against public sector institutions. Cybercrime units continue to work with domestic and international partners to trace the origins of attacks and to strengthen resilience against future intrusions targeting government and critical national infrastructure.