The **Tchap** platform, an instant messaging service developed by **DINUM** in collaboration with **ANSSI** (the French Cybersecurity Agency) for the French public sector, recently suffered a breach affecting a substantial number of its users. **DINUM** disclosed that a threat actor gained access to the platform via a compromised user account. This incident has led to a notification to **CNIL**, France's data protection authority, due to the potential exposure of personal data. ### Scope of the Breach While initial details were scarce, **DINUM** later updated its disclosure, confirming that approximately 9% of all registered users on the platform were affected. This translates to 73,467 out of more than 825,000 registered agents. ### Exposed Data Crucially, **DINUM** clarified that while private conversations on **Tchap** are encrypted and their content protected, public chat rooms are not. The attacker was able to exfiltrate data from these unencrypted public forums. This includes users' last names, first names, email addresses, their associated public sector organizations, and avatar images. > "Of the more than 825,000 registered agents, 73,467 agents would be affected by this incident, or less than 9% of registered users. These forums, by design, are open to all users and their messages are not encrypted. Officers' private conversations remain protected." ### Attacker Claims and Additional Compromises Although **DINUM** has not officially attributed the breach, a threat actor has claimed responsibility, stating they leveraged a social engineering attack to gain access. This actor has reportedly shared a sample of stolen files. The threat actor claims to have scraped nearly 650,000 messages and information from over 73,000 accounts. Beyond the user data confirmed by **DINUM**, they also allege the theft of meeting links, account and device metadata, and over 13.5GB of documents and media files. Furthermore, they claim to have found hardcoded **LDAP** credentials leaked via a PowerShell script. ### Tchap's Role and Previous Incidents **Tchap**, based on the **Matrix** protocol, has been a cornerstone of French civil servant communications since 2018. It became the default app for work communications in early August 2025 (note: likely a typo in original content, given the current date) and boasts over 300,000 monthly users and more than 500,000 downloads on the Google Play Store. This incident follows another recent cybersecurity event in France. In May, a 15-year-old was detained in connection with a data breach at **ANTS** (Agence nationale des titres sécurisés), the agency responsible for official identity and registration documents.