The French government's in-house encrypted messaging service, Tchap, has been breached in a cyber attack, potentially exposing sensitive communications of public servants. The incident, discovered on June 7 by the French National Cybersecurity Agency (ANSSI), has triggered an investigation by the French Digital Affairs Directorate (DINUM), which developed and manages the platform.
The Breach
According to Engadget, the account behind the attack has been identified and blocked, but the full extent of data extraction is still under investigation. A threat actor has since claimed responsibility, sharing some of the stolen files with Bleeping Computer. The hacker claims to have stolen nearly 14GB of documents and files shared by public servants using Tchap, as well as hardcoded LDAP credentials, email addresses, meeting links, and general organization data.
DINUM is not publicly disclosing the origin of the breach, but a message was sent to all Tchap users reminding them that the content of public chatrooms is not encrypted.
Technical Details
Tchap is a state-owned messaging service based on the Matrix protocol. It was designed exclusively for the French public sector and features end-to-end encryption on private conversations. The service was launched in 2019. The breach highlights a critical distinction: while private chats are encrypted, public chatrooms are not, meaning any sensitive data shared in open channels could be exposed.
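The encrypted-versus-public distinction above is visible in a Matrix room's state events, so an administrator can audit for it. The following is an added example, not code from Tchap or DINUM: the room IDs and events are constructed, and the defaults used for absent events are an assumption of this sketch.

```python
"""Flag Matrix rooms whose messages are stored in plaintext on the homeserver."""

# Constructed sample: room_id -> current state events (type and content only).
SAMPLE_ROOMS = {
    "!hr:example.org": [
        {"type": "m.room.join_rules", "content": {"join_rule": "public"}},
        {"type": "m.room.history_visibility",
         "content": {"history_visibility": "world_readable"}},
    ],
    "!ops:example.org": [
        {"type": "m.room.join_rules", "content": {"join_rule": "invite"}},
        {"type": "m.room.encryption",
         "content": {"algorithm": "m.megolm.v1.aes-sha2"}},
    ],
    "!proj:example.org": [
        {"type": "m.room.join_rules", "content": {"join_rule": "invite"}},
    ],
}

def room_settings(events):
    """Collapse state events into the three settings that decide exposure."""
    state = {e["type"]: e.get("content", {}) for e in events}
    return {
        # A room is end-to-end encrypted only if m.room.encryption is set.
        "encrypted": bool(state.get("m.room.encryption", {}).get("algorithm")),
        # Absent events are treated as invite-only / "shared" (assumed defaults).
        "join_rule": state.get("m.room.join_rules", {}).get("join_rule", "invite"),
        "history": state.get("m.room.history_visibility", {})
                        .get("history_visibility", "shared"),
    }

def classify(events):
    s = room_settings(events)
    if s["encrypted"]:
        return "ok"       # server holds ciphertext only
    if s["join_rule"] == "public" or s["history"] == "world_readable":
        return "high"     # plaintext and open to any account or guest
    return "medium"       # plaintext, limited to members and server access

def audit(rooms):
    """Return (severity, room_id) pairs, worst first."""
    order = {"high": 0, "medium": 1, "ok": 2}
    findings = [(classify(ev), rid) for rid, ev in rooms.items()]
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))

if __name__ == "__main__":
    for severity, room_id in audit(SAMPLE_ROOMS):
        print(f"{severity:6} {room_id}")
```

The "medium" case matters as much as the "high" one: an invite-only room without `m.room.encryption` is still readable by anyone who gains server-side access.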
The stolen LDAP credentials could allow further access to directory services, compounding the risk. The breach comes at a time when France is actively pushing to reduce reliance on foreign-developed software.
Broader Context
This year, France has been moving away from Windows in favor of Linux on government workstations. By next year, a homegrown alternative will replace Zoom and Microsoft Teams. The EU, of which France is a founding member, is also reportedly planning to stop using Google as its default in-house search engine, with France-developed Qwant taking its place.
For enterprise technology decision-makers, the Tchap breach serves as a cautionary tale about securing internal communications platforms, especially those built in-house. Even encrypted services can be compromised if public channels are not properly secured or if server-side vulnerabilities exist. The incident also underscores the challenges of transitioning to homegrown software—while it may reduce foreign dependency, it does not automatically eliminate cybersecurity risks.
As supply chain and logistics companies increasingly adopt encrypted messaging and collaboration tools, the Tchap incident highlights the need for stringent access controls, regular security audits, and clear policies on what data can be shared in unencrypted public channels.