France’s Interior Ministry has confirmed that its email servers were breached in a cyberattack that allowed unauthorised access to internal files, while attackers have made unverified claims that the incident exposed data on up to 16 million people. The ministry said the attack occurred overnight between 11 and 12 December 2025, and that it identified the activity through routine monitoring. Interior Minister Laurent Nuñez said authorities are investigating how the breach occurred and whether any sensitive information was accessed.
The ministry described the incident as a breach of its email infrastructure, not a broad compromise of all government systems. Nuñez told RTL radio that attackers gained access to a number of document files stored on the email servers and that protective measures were immediately implemented, including tightening access controls across systems used by ministry personnel. He added that there is currently no clear evidence that data was seriously compromised beyond the email infrastructure.
Attackers claiming responsibility posted messages on underground forums asserting that the breach involved sensitive databases and exposed personal information for up to 16 million French citizens, or nearly a quarter of the country’s population. The posts suggested that systems such as the Criminal Records Processing System (TAJ) and the Wanted Persons File (FPR) were accessed, along with other data sets, including financial and pension information. The messages also included an ultimatum that the government pay a ransom to prevent the purported data from being sold to other cybercriminals.
French authorities have not verified the claims about the scale or nature of the alleged dataset and have cautioned against accepting uncorroborated posts as fact. Nuñez said investigative work is ongoing to determine what was accessed and whether any information was exfiltrated, with judicial authorities and cybersecurity specialists assisting the inquiry. At this stage, the only confirmed element is that attackers accessed some files on the email servers.
Officials have outlined several possible motives for the incident, including cybercrime, hacktivism aimed at exposing perceived weaknesses in government systems, or foreign interference. No specific threat actor has been publicly identified, and the ministry continues to evaluate all scenarios as part of its investigation. The attack highlights ongoing concerns about the vulnerability of government communication infrastructure to sophisticated threats.
Security analysts said that email infrastructure at high-level government institutions can be an attractive target because internal communications and documents may contain operational or strategic information. They also pointed out that claims made on anonymous forums should be treated with caution until evidence is presented. Analysts added that even limited access to internal systems can carry risks, and that thorough forensic analysis is necessary to assess the full impact of the breach.
The ministry stated that public services and core national security functions were not disrupted by the breach. It said it will continue to provide updates as the investigation progresses and that strengthening cybersecurity measures remains a priority amid rising threats targeting government infrastructure