Summary
- DINUM says ANSSI detected a Tchap compromise on 7 June involving account impersonation.
- Private encrypted conversations were not accessible, but public conversations and profile data may have been exposed.
- The incident places identity controls, user behaviour, room design, and disclosure standards under scrutiny around sovereign public-sector communications platforms.
France’s interministerial digital directorate has contained an account compromise affecting Tchap, the encrypted messaging service used across the French public sector, after national cyber agency ANSSI detected an incident on 7 June.
DINUM said the compromise followed account impersonation. The account used for malicious requests was identified and blocked to remove persistent access while investigators examined what data may have been reachable. Private conversations remained protected because Tchap’s private exchanges are encrypted and their history is not accessible through a compromised account.
The exposure instead appears to centre on public conversations. DINUM said public forums are open to all Tchap users by design and their messages are not encrypted. Of more than 825,000 registered agents, 73,467 may be concerned by the incident, representing less than 9% of registered users. Potentially affected data includes names, email addresses, organisational entities, avatars, and information shared in public conversations. DINUM has notified CNIL, France’s data protection authority.
The compromise places identity control and public-sector communications governance under pressure without suggesting that Tchap’s private encryption failed. DINUM’s incident update draws a clear line between private encrypted conversations and public rooms. That distinction is technically important, but it does not remove the operational concern around what civil servants place in spaces that are open across the platform.
Secure communications tools often carry a reputation that can blur practical boundaries. Users may treat a state-backed or encrypted platform as uniformly safe, even when different channels have different access models and retention implications. A compromised account can still be enough to expose information that was never protected by end-to-end encryption in the first place.
Public-sector messaging systems hold organisational context, informal discussions, policy material, contact details, and operational clues. Even where classified or highly sensitive material is not exposed, large collections of low-level messages can help an attacker map teams, projects, relationships, terminology, and working patterns.
The French response appears to have moved quickly, with ANSSI detection, account blocking, user notification, and CNIL involvement. The remaining questions are practical: how the account was compromised, whether stronger authentication or session controls would have reduced access, how long the attacker was present, and what users had placed in public rooms.
The episode also carries a European policy angle. Governments are encouraging sovereign collaboration tools, encrypted communications, and reduced dependency on foreign consumer platforms. Those objectives are understandable, especially in public administration, but sovereign infrastructure still depends on disciplined identity management, user training, monitoring, logging, and data classification.
Public-sector organisations across Europe face similar risks as they consolidate communications into approved platforms. The control boundary is no longer just the application. It includes account recovery, multi-factor authentication, role and room design, logging, administrative access, retention rules, and user understanding of what is public, private, encrypted, archived, or discoverable.
Tchap’s private encryption appears to have held. The exposure came from account access and public-room design, which are precisely the parts of secure collaboration that can be weakened by user assumptions, identity compromise, and unclear data-handling habits.





