Tchap, the encrypted instant messaging service used by public officials, was the victim of a “security incident” with a data leak which was “controlled”, the Interministerial Digital Directorate (Dinum) announced on Monday June 8.
The National Information Systems Security Agency (Anssi) detected on Sunday June 7 “a compromise of the Tchap service following account theft,” Dinum said in a press release. It said the account originating the malicious requests was “identified” and “immediately blocked in order to remove the attacker’s persistent access.”
“Even in the case of account theft, the history of private and encrypted conversations is not accessible” and “the exchanges likely to have been consulted are therefore limited to the content of public conversations,” she explained.
Dinum, which notified the incident to the National Commission for Information Technology and Liberties (Cnil), does not indicate, at this stage, how many accounts have been compromised. The specialist site FrenchBreaches reported claims published on the dark web according to which more than 643,000 messages from 73,000 agents in 976 chat rooms were exposed.
In September 2025, the government generalized the use of Tchap for all public officials in order to face the “increasing risk of interception of their communications” and cyberattacks. He then mentioned the potential security vulnerabilities existing on consumer applications, such as WhatsApp or Telegram.
