Over 73,000 French govt employees affected in Tchap messenger breach

The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector.

DINUM, the French government's digital affairs directorate, disclosed on Monday that a threat actor gained access to the Tchap platform using a compromised user account and notified France's data protection authority (CNIL) due to the potential exposure of personal data shared by some users.

While it initially shared almost no details about what was exposed and how many people were affected by this breach, the DINUM disclosed in a subsequent update that the attackers may have accessed information shared by around 9% of all registered users on the platform.

DINUM explained that while private conversations are encrypted and their content protected, the attacker was able to steal all the data shared in public chat rooms, which are not encrypted. This allowed them to collect the users' names and email addresses, as well as their avatar images and the public sector organization they work for.

"Of the more than 825,000 registered agents, 73,467 agents would be affected by this incident, or less than 9% of registered users. These forums, by design, are open to all users and their messages are not encrypted. Officers' private conversations remain protected," it said.