France built its own encrypted messenger so civil servants would not have to trust WhatsApp or Telegram. Now that messenger has been breached, and the government and the attacker cannot agree on how much was taken.
France’s National Cybersecurity Agency, ANSSI, detected a compromise of Tchap on 7 June, and the Digital Affairs Directorate (DINUM), which runs the platform, published an incident notice and moved to block the account involved. Crucially, this was not a crack in the encryption or the infrastructure.
Officials say the attacker got in by hijacking a legitimate user account, a compromise of credentials rather than of the system itself.
The government’s account of the damage is narrow. Tchap, which is built on the open Matrix protocol, carries both public and private conversations, and the private ones are end-to-end encrypted. DINUM says that even when an account is impersonated, the history of those private encrypted conversations stays inaccessible, and that only the unencrypted public chat rooms, which any authenticated user can find and join, may have been viewed.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!
Investigators are still working through the logs to establish exactly which conversations were reached and whether any data was taken. DINUM has notified the data-protection regulator CNIL, since personal information may have been exposed in the content the attacker could see, and reminded users that public rooms are not the place for sensitive material.
The attacker tells a far bigger story. A threat actor using the handle ‘Misère’ claims to have accessed data tied to roughly 73,000 state agents, 643,000 messages, almost 60,000 files totalling some 13.5 gigabytes, hundreds of chat rooms, and around 90 items referencing ‘Diffusion Restreinte’, a French restricted-distribution marking, spanning June 2023 to June 2026.
The attacker says entry came through social-engineering an account on Tchap’s education environment, and that a directory-search function allowed user enumeration across the service.
Those figures, relayed by dark-web intelligence channels and repeated across French security outlets, have not been verified by ANSSI or DINUM, whose statements make no mention of restricted documents, directory exposure, or any of the volumes cited.
Several French infosec analysts have explicitly kept the numbers out of their breach trackers for lack of independent confirmation. They remain an attacker’s claim, not an established fact.
There is a technical nuance that complicates the government’s reassurance.
End-to-end encryption protects messages in transit and at rest, so the server cannot hand over old private chats. But security researchers note that fully hijacking someone’s logged-in client is different: an attacker acting as that user can, in principle, see whatever the account sees in the moment, including private rooms it opens. The encryption holds; the impersonation is the hole.
What makes this sting is what Tchap represents. DINUM and ANSSI built it as a state-run, French-hosted alternative to WhatsApp, Telegram, and Slack, launched in 2019 precisely so government communications would not sit on foreign-controlled services.
Since 2025 it has been pushed across ministries to hundreds of thousands of public agents, and it lands in the middle of a broader French drive for technological independence that has seen Paris order ministries off Windows and onto Linux and Europe more widely treat its reliance on foreign tech as a political risk.
The gap between ‘a few public rooms’ and ‘73,000 accounts and restricted-document references’ will be closed by the log analysis, not the press releases. For a service whose entire pitch is that the state can be trusted to run its own secure communications, even a contained breach is an awkward dent.
A loud, unverified hacker claim on top of it is exactly the kind of story that sovereignty sceptics, and France’s rivals, will be happy to amplify.
