French government internal messaging tool Tchap hit by data breach — but it doesn’t know if any data was compromised

• French government‑only chat app Tchap breached via stolen valid account, attacker claims 13.5GB exfiltrated
• Alleged haul includes 73k accounts, 640k+ messages, 800+ chat rooms; private chats encrypted, public rooms not
• ANSSI and DINUM investigating amid wider warnings about state‑targeted messaging‑app espionage

A chat app used exclusively by French government employees was apparently hacked and hundreds of thousands of messages allegedly exfiltrated, with the authorities now investigating these claims.

Back in 2025, France’s Prime Minister François Bayrou banned the use of foreign chat apps, such as WhatsApp or Signal, for work communication. Instead, employees were told to use Tchap, an instant messaging and collaboration tool built by DINUM, the digital affairs directorate of the French government, and ANSSI, France’s cybersecurity agency.

The app is a fork of Riot, and available only to users with a .gov address. Apparently, the app has more than 300,000 monthly users, as well as more than 500,000 downloads on Google Play Store.

“misere” claims the breach

A threat actor with the alias “misere” recently took to the dark web to lay claim to the attack, saying they used social engineering to exfiltrate 13.5GB of data from the app.

Among the data stolen are 73,467 user accounts, 643,459 messages, 876 chat rooms with message history, and 59,386 shared media files. They also claimed to have accessed discussion rooms involving personnel from multiple French ministries.

In the meantime, ANSSI confirmed the app suffered a security breach, saying the initial reports were of a valid account being stolen. The agency said private conversations in the app are encrypted, but public conversations are not.

DINUM added that it was now investigating the incident.

In March 2026, the General Intelligence and Security Service (AIVD), the Netherlands’ primary civilian intelligence and security agency, warned of a major ongoing cyber-espionage campaign by Russian spies, in which they try to gain access to Signal and WhatsApp accounts belonging to dignitaries, military personnel, and civil servants, including Dutch government employees.

A few weeks later, both the FBI and CISA warned about the same thing, urging US government employees to be cautious with their mobile apps.

Via Cybernews

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.