Tchap breach hits 73,467 French public servants

Tchap breach – A compromise of a French government encrypted messaging platform, Tchap, exposed public-chat data linked to 73,467 public-sector employees, with personal details including names, email addresses, avatars and organization information. The attack began via a com
The attacker didn’t need to break encryption to cause damage.
In France’s public sector, the Tchap messaging platform is built to protect private conversations. But the French government says a breach that began with a compromised user account still managed to reach the information people posted in open spaces.
DINUM, the French government’s digital affairs directorate, disclosed that the incident affects more than 73,000 employees. On Monday, it said a threat actor gained access to Tchap through a compromised user account and notified the country’s data protection authority, CNIL, because of the potential exposure of personal data shared by some users.
The numbers sharpened in a later update. DINUM said attackers may have accessed information shared by around 9% of all registered users on the platform.
“Of the more than 825,000 registered agents, 73,467 agents would be affected by this incident, or less than 9% of registered users. These forums, by design, are open to all users and their messages are not encrypted. Officers’ private conversations remain protected,” DINUM said.
While private messages are encrypted and their content is protected, DINUM explained the attacker stole all the data shared in public chat rooms. That included users’ names and email addresses, their avatar images, and the public sector organization they work for.
DINUM also said the account behind the malicious requests has been identified and was immediately blocked. The goal, it said, was to remove the attacker’s persistent access and allow for an in-depth analysis of the data the attackers were able to reach.
It listed the potentially exposed user account data as last name, first name, email address, affiliated entity and avatar.
DINUM has not attributed the breach to a specific actor. But a threat actor claimed responsibility over the weekend and shared a sample of stolen files, saying it gained access to the platform following a social engineering attack.
The claim says the attacker scraped nearly 650,000 messages and information from more than 73,000 accounts, including email addresses, meeting links, organization information, as well as account and device metadata. The actor also allegedly stole over 13.5GB of documents and media files shared by public servants using Tchap, and claimed it extracted hardcoded LDAP credentials leaked via a PowerShell script.
Tchap was developed by DINUM in collaboration with ANSSI, the French cybersecurity agency, in 2018. Built on the Matrix protocol, it is a decentralized collaboration tool and instant messaging platform for the French public sector.
Adoption has accelerated fast. After becoming the default app for work communications for all civil servants in early August 2025, Tchap has reached over 300,000 monthly users and has now passed 500,000 downloads on Google’s Play Store.
The breach lands on top of a wider security story involving French government services. In May, French authorities arrested a 15-year-old suspected of selling data stolen in an April cyberattack on ANTS, the agency for issuing and managing official identity and registration documents.
So they got the emails but not the private chats… seems like still a huge mess.
I don’t get it, if it’s encrypted messaging then why are names and emails even there. Sounds like France just didn’t lock it down, end of story.
Wait “public spaces” meaning like forums anyone can see? If so, how is it a breach really? Like yeah they collected stuff people already posted, but email addresses were still private-ish right? Idk man.
73,467?? that’s oddly specific… probably more than that tbh. Also compromised user account… so basically one person clicked the wrong thing and now thousands pay for it. I’m shocked they didn’t encrypt the forum messages too, seems like common sense.