France's government messaging platform Tchap, the in-house, Matrix-based app that civil servants are required to use instead of WhatsApp or Signal, was breached after a threat actor hijacked a single user account, no software exploit needed. The cyber agency ANSSI detected it on June 7. Officials say data tied to about 73,000 accounts, roughly 9 percent of users, was exposed: the attacker scraped everything shared in public chat rooms, which are not encrypted, while private end-to-end conversations stayed protected. The haul includes over 13.5GB of documents and media plus hardcoded LDAP credentials leaked in a PowerShell script. Entry was via the education ministry's server.
France Titres (Agence nationale des titres securises, ANTS), the French government agency responsible for issuing driver's licenses, national ID cards, passports, and immigration documents, has confirmed a security incident on the ants.gouv.fr portal. The agency detected the compromise on April 15 and published an acknowledgment April 20, saying individual and professional account data may have been exposed. On April 16, a threat actor using the alias 'breach3d' claimed responsibility on a hacker forum, alleging theft of up to 19 million records. The attacker says the stolen data contains full names, contact details, birth data, home addresses, account metadata, gender, and civil status. ANTS operates under the French Ministry of the Interior and is the authoritative source for official French identity documents, making any data leak a foundational risk for downstream phishing, social engineering, and identity fraud. The agency has notified France's data protection authority (CNIL), the Paris Public Prosecutor, and national cybersecurity agency ANSSI. ANTS is telling users no action is required but to exercise 'extreme caution' with any SMS, phone calls, or emails claiming to come from the agency - the stolen data is ideal raw material for targeted impersonation scams.