Security breach hits French government chat app Tchap, investigators check for possible data leaks

Published: 10 June 2026
French Ministry of Interior suffered a data breach.

A security breach has hit Tchap, the French government’s encrypted messaging platform widely used by civil servants, following the country's restriction on foreign apps like WhatsApp and Signal for official communication. Authorities are now investigating not only this incident but also whether a larger volume of messages and user data was also exposed.

Tchap is an instant messaging service and collaboration tool developed by DINUM, the digital affairs directorate of the French government, and ANSSI, France’s cybersecurity agency.

It’s a fork of the secure chat application Riot and can only be used by people with a .gouv or similar email address. Tchap currently has over 300,000 monthly users and has over 500,000 downloads on the Google Play Store.

ADVERTISEMENT

To strengthen digital communication, Prime Minister François Bayrou mandated the use of Tchap for work-related communications for all civil servants in August 2025 and banned foreign messaging apps, such as WhatsApp and Signal.

Francois Bayrou, old man, band forehead, grey hair on sides, golden microphone, black suit
Francois Bayrou, France's prime minister. Nathan Laine/Bloomberg via Getty Images.

On June 7th, 2026, ANSSI detected a security breach on the government’s encrypted messaging platform. According to the cybersecurity agency, the attacker used a compromised user account to gain access to Tchap.

ANSSI states that private conversations conducted via Tchap are encrypted and secured. Public conversations, on the other hand, are accessible to all users and aren’t encrypted. To remind users of this, a message was sent to all Tchap users.

The attacker may have gained access to personal data shared by users in conversations with the hacked account. Therefore, DINUM notified the French privacy supervisor and data protection authority, CNIL, of the security incident.

Meanwhile, a threat actor called “misere” claims to have stolen data from Tchap.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

In a post on the dark web, he claims to have obtained access through social engineering and exfiltrated 13.5GB of data. Allegedly, the stolen data includes 73,467 user accounts, 643,459 messages, 876 chat rooms with message history, and 59,386 shared media files.

ADVERTISEMENT

Furthermore, the threat actor is said to have accessed discussion rooms involving personnel from multiple French ministries.

DINUM reports that the investigation into the incident is still ongoing, as is the investigation into which data the attacker had access to.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Nigel Farage and Andrew Bailey's “bizarre AI video” is more dangerous than you might think
Data from 35M OkCupid users leaked online, hackers claim everyone’s exposed
A giant Instagram phone number database just surfaced. Should you be worried?
Apple overhauls Siri in late push to stay in AI race
US says major Chinese tech giants like Alibaba are supporting China’s military
NASA astronauts set to wear Prada on future Moon missions
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked