France’s government only messaging platform Tchap is at the center of a growing cybersecurity investigation after a threat actor claimed to have gained unauthorized access to the service and extracted a significant amount of sensitive data.
The incident has raised fresh concerns about the security of government communication platforms at a time when public sector organizations across Europe are facing increasingly sophisticated cyber espionage threats.
Hacker Claims Massive Data Extraction
The alleged breach was disclosed by a threat actor using the alias “misere”, who reportedly published details of the incident on a dark web forum. According to the claims, the attacker successfully obtained access to Tchap through a compromised legitimate user account, rather than exploiting a software vulnerability.
The attacker alleges that approximately 13.5GB of data was extracted from the platform. The claimed dataset includes more than 73,000 user accounts, over 643,000 messages, nearly 900 chat rooms containing historical conversations, and tens of thousands of shared files and media attachments.
The individual behind the breach further claimed to have accessed discussion spaces involving personnel from several French government ministries. If confirmed, the incident could represent one of the most significant compromises of a government communication platform in recent years.
At the time of writing, authorities have not verified the scale of the alleged data theft, and it remains unclear whether all of the claimed information was successfully exfiltrated.
Authorities Confirm Security Incident
France’s National Cybersecurity Agency, ANSSI, has acknowledged that Tchap experienced a security incident. Initial findings suggest the breach stemmed from the theft of a valid user account, enabling unauthorized access to parts of the platform.
Officials emphasized that private conversations within Tchap are protected through encryption, potentially limiting exposure of highly sensitive exchanges. However, public discussion rooms on the platform do not benefit from the same level of protection, raising concerns about what information may have been accessible to the attacker.
DINUM, the French government’s digital affairs directorate and one of the organizations behind Tchap, confirmed that an investigation is underway. Authorities are currently working to determine the extent of the compromise and whether any government data was actually accessed or removed.
For now, officials have not released detailed findings, and the full impact of the incident remains unknown.
Why Tchap Matters to the French Government
Tchap was developed specifically for French public sector employees as a secure alternative to commercial messaging platforms. The application was created by DINUM in partnership with ANSSI and is available exclusively to users with official government email addresses.
The platform gained additional importance after French Prime Minister François Bayrou moved to restrict the use of foreign messaging applications such as WhatsApp and Signal for official government communications. Public employees were encouraged to use Tchap instead, positioning the platform as a central component of France’s digital sovereignty strategy.
Built on technology derived from the open source Riot communication platform, Tchap has attracted a large user base across government departments. Reports indicate that the service is used by hundreds of thousands of public sector workers every month.
Because of its role in facilitating internal government communications, any compromise involving the platform is likely to attract significant scrutiny from security experts and policymakers.
Rising Threats Against Government Communication Platforms
The alleged Tchap breach arrives amid increasing warnings from intelligence agencies about state backed cyber espionage campaigns targeting secure messaging applications.
Earlier this year, Dutch intelligence officials warned of ongoing efforts by Russian linked actors to gain access to messaging accounts used by government personnel, military staff, and public officials. Similar concerns were later echoed by US authorities, including the FBI and CISA, which highlighted phishing operations designed to compromise accounts on widely used communication services.
Rather than attacking encryption directly, many of these campaigns focus on stealing legitimate credentials through social engineering tactics. Once attackers gain access to a trusted account, they can often view conversations, collect sensitive information, and move laterally through connected systems.
The Tchap incident serves as another reminder that even highly secure communication platforms remain vulnerable when user accounts are compromised. As investigations continue, French authorities will be under pressure to determine exactly what happened and whether sensitive government information was exposed.
Follow TechBSB For More Updates
