Cybersecurity breach: French Interior Ministry hit by serious cyberattack

Dubai: The French government said on Wednesday that “a few dozen” confidential records were extracted during a cyberattack on the Interior Ministry that lasted several days, with senior officials describing the breach as serious and announcing immediate measures to strengthen cyber defences, AFP reported. 

Interior Minister Laurent Nuñez told lawmakers in the National Assembly that the incident, detected overnight between December 11 and 12, involved a compromise of the ministry’s professional email systems. When questioned about the scale of the attack, Nuñez acknowledged the gravity of the breach, describing it as “very serious”.

According to the minister, the intrusion was made possible by weaknesses in what he described as “digital hygiene”, including the sharing of passwords that allowed access to protected files through compromised professional messaging systems.

The breach enabled one or more hackers to access “highly sensitive” databases, including the criminal records processing system and the national wanted persons file, both of which are central to the work of French security forces. 

Despite claims by a hacking group that data relating to 16 million people had been stolen, Nuñez said that, at this stage, investigators had confirmed the extraction of only “a few dozen records”.

French officials said there is still no definitive evidence that large volumes of sensitive data were exfiltrated or seriously compromised, stressing that the full impact of the attack remains under assessment.

Following the discovery of the breach, the Interior Ministry implemented standard protective procedures, tightening access conditions to internal systems and introducing additional security controls for staff accounts. An official investigation is under way to determine how the attack occurred and to identify those responsible.

Nuñez said the government had responded swiftly to what he characterised as negligence in cybersecurity practices, announcing a series of immediate corrective measures aimed at preventing similar incidents in the future.