France investigates Interior Ministry email breach and access to confidential files

France’s Interior Ministry said it is investigating a malicious cyber intrusion into its email servers and confirmed the attacker gained unauthorized access to several email accounts and dozens of confidential documents.

The announcement follows a user on the cybercrime website BreachForums claiming to have hacked the ministry. A spokesperson said the “reality and scope” of that post “are currently being subjected to in-depth verification as part of the investigation.”

“Initial technical investigations, conducted by the Ministry's cybersecurity center in close collaboration with the French National Cybersecurity Agency (ANSSI), have determined that unauthorized access allowed an attacker to view a limited number of professional email accounts,” the ministry stated.

Interior Minister Laurent Nuñez told broadcaster FranceInfo that the ministry believed dozens of confidential files relating to judicial records and wanted persons had been accessed last week. He said the hackers had been in the network for several days.

Nuñez said he could not “absolutely say whether this will compromise investigations or not,” but stressed that the ministry had not received a ransom demand and that the attack “does not endanger the lives of our fellow citizens.”

Officials said the incident is being handled “with the highest vigilance and at the highest level” because of the sensitivity of the systems involved.

It has sparked a formal judicial investigation by the Paris Public Prosecutor’s Office led by the judicial police’s anti-cybercrime unit. A data breach report has been filed with the country’s data protection regulator, the National Commission for Information Technology and Civil Liberties (CNIL).

“Analyses are continuing to determine precisely the scope, nature and volume of the data concerned, and above all what data may have been captured,” the ministry said, cautioning that “at this stage, it is not possible to draw definitive conclusions without prejudging the results of the ongoing technical and judicial investigations.”

The ministry warned the attackers could have acquired material from compromised email accounts that “may have opened access to internal business applications,” raising concerns about possible lateral movement within government systems.

Emergency measures introduced in response to the breach have included “increased security of infrastructure, widespread implementation of two-factor authentication, revocation of compromised access, password changes, and strict reminders of digital hygiene practices to all staff,” officials said.

The measures are being implemented “under the supervision of ANSSI, the guarantor of the highest standards in information systems security.”

Alongside the judicial probe, the Interior Minister said he had ordered an internal administrative investigation into the hack. He “strongly condemns this very serious attack,” the ministry said, and vowed that “all means are being deployed to halt this intrusion and strengthen the overall security level of the ministry’s information systems.”