French Interior Ministry Email Server Breach and Potential Abuse
Hackers breached the email servers of the French Ministry of the Interior, as confirmed by Interior Minister Laurent Nunez. The attack, detected between December 11 and 12, allowed threat actors to access certain document files, though there is no current evidence of serious data compromise. In response, the ministry has tightened security measures and reinforced access controls for all agents, while an investigation is underway to determine the origin and scope of the breach. Authorities are considering various scenarios, including foreign interference, hacktivism, or cybercrime, and have not yet released technical details about the attack.
Following the breach, there are indications that emails sent from the French Ministry of the Interior's domain were used to announce the reopening of BreachForums, a notorious cybercriminal marketplace. This suggests that the attackers may have leveraged their access to the ministry's email infrastructure for further malicious activity, potentially as part of a hacker honeypot or to lend credibility to their communications. The incident highlights the risks associated with compromised government email systems and the potential for such breaches to be exploited in broader cybercriminal operations.
Sources
1 more from sources like securityaffairs
Related Stories
Cyberattack on French Interior Ministry Email Servers
The French Interior Ministry confirmed a cyberattack that compromised its email servers, allowing attackers to access certain document files. In response, the ministry implemented enhanced security protocols and access controls, while an investigation was launched to determine the origin and scope of the breach. Authorities have not yet confirmed whether any data was stolen, and are considering multiple possible motives, including foreign interference, hacktivism, or cybercrime. The Interior Ministry, which oversees police, internal security, and immigration, is considered a high-value target for both state-sponsored and criminal actors. The incident was reported in several news roundups, highlighting its significance within the broader context of European cybersecurity threats. While attribution has not been established for this specific attack, previous campaigns against French government entities have been linked to Russian state-sponsored groups such as APT28. The breach underscores ongoing concerns about the vulnerability of critical government infrastructure to sophisticated cyber threats and the need for robust incident response and investigation procedures.
3 months ago
Unauthorized Access to France’s FICOBA Bank Account Registry Exposes 1.2 Million Accounts
France’s Ministry of the Economy and Finance confirmed that an attacker **accessed and consulted data tied to ~1.2 million French bank accounts** by using **stolen login credentials** belonging to an authorized government user of the national bank account registry (*FICOBA*). The intrusion began in **late January 2026** and exposed account-linked personal data including **IBANs**, account holder **names**, **addresses**, and in some cases **tax identification numbers** (DGFiP-issued). Authorities stated the access did **not** enable viewing balances or initiating transactions. After detection, the ministry reported it **blocked the attacker**, notified France’s data protection authority (**CNIL**), and **filed a criminal complaint**; impacted individuals are expected to be contacted directly, and **banks were alerted** to advise customers to remain vigilant. Reporting noted the incident follows other recent cyber disruptions affecting French public services (including attacks impacting **La Poste/La Banque Postale** and the **Interior Ministry**), though no motive or attribution for the FICOBA access has been publicly confirmed.
3 weeks agoFrench Football Federation Data Breach via Compromised Account
The French Football Federation (FFF) suffered a significant cyberattack in which threat actors exploited a compromised user account to access the federation’s administrative management software. This breach resulted in the theft of sensitive personal data belonging to over two million registered amateur football players and club members, including names, dates and places of birth, nationalities, postal and email addresses, phone numbers, and football license numbers. Financial data and passwords were reportedly not affected. Upon discovering the breach on November 20, 2025, the FFF immediately deactivated the compromised account, reset all user passwords, and secured its systems. The FFF has filed a formal complaint with French authorities and notified both the National Cybersecurity Agency (ANSSI) and the National Commission on Informatics and Liberty (CNIL). Affected individuals whose email addresses were exposed are being contacted directly, and the federation has urged all members to be vigilant against potential phishing attempts and scams leveraging the stolen data. This incident highlights the growing cyber risks faced by sports organizations and underscores the need for robust cybersecurity measures to protect large volumes of personal information managed by such entities.
3 months ago