France arrests suspect tied to cyberattack on Interior Ministry

French authorities arrested a 22-year-old suspect on Tuesday for a cyberattack that targeted France’s Ministry of the Interior earlier this month.

In a statement issued by Public Prosecutor Laure Beccuau, officials said the suspected hacker was arrested on December 17, 2025, as part of an investigation into the attack.

“A person was arrested on December 17, 2025, as part of the investigation opened by the cybercrime unit of the Paris public prosecutor’s office, on charges including unauthorized access to an automated personal data processing system implemented by the State, committed by an organized group, following the cyberattack against the Ministry of the Interior,” reads the statement translated into English.

The suspect is accused of unauthorized access to an automated personal data processing system and conducted as part of an organized group. This offense carries a maximum sentence of 10 years’ imprisonment.

Prosecutors said the suspect, born in 2003, is already known to the public prosecutor’s office and was convicted in 2025 for similar offenses. Investigations are being carried out by OFAC, France’s Office for Combating Cybercrime, and authorities said a further statement will be issued at the end of the police custody period, which can last up to 48 hours.

BleepingComputer contacted the public prosecutor’s office with questions regarding the prior convictions, but was told they are not disclosing this information.

The arrest follows a Friday announcement by French officials that the Ministry of the Interior was breached in a cyberattack that compromised its internal email servers.

Interior Minister Laurent Nuñez said the intrusion was detected overnight between Thursday, December 11, and Friday, December 12, and allowed attackers to gain access to some document files. Officials have not confirmed whether any data was stolen during the attack.

“There was indeed a cyberattack. An attacker was able to access a number of files. So we implemented the usual protection procedures,” Interior Minister Laurent Nuñez said in a statement shared with RTL Radio.

“It could be foreign interference, it could be people who want to challenge the authorities and show that they are capable of accessing systems, and it could also be cybercrime. At this point, we don’t know what it is.”

Following the breach, the ministry tightened security protocols and strengthened access controls across the information systems used by ministry personnel.

Around the same time as France’s Ministry of the Interior breach, the notorious BreachForums hacking forum was relaunched, with one of its administrators publicly claiming responsibility for the attack in a forum post.

The post claims that the government agency was attacked in revenge for the arrests of their friends, likely referring to the 2025 arrests of five BreachForums moderators and admins.

“We hereby announce that, in revenge for our arrested friends, we have successfully compromised “MININT” — the French Ministry of the Interior,” reads the forum post.

Those previously arrested by French police used the forum aliases of “ShinyHunters”, “Hollow”, “Noct”, “Depressed,” and “IntelBroker.” However, the person using the ShinyHunters is not believed to be the main operator of the ShinyHunters extortion gang, who has been behind numerous attacks in 2025, including the recent PornHub data breach.

The forum post goes on to claim that the threat actors stole data on 16,444,373 people from France’s police records and files. The threat actors claim they are giving the French government a week to negotiate with them not to publicly release the data.

The BreachForums admin shared three screenshots they claim prove they are behind the breach.

French authorities have not confirmed these claims, and it remains unclear whether the individual arrested is connected to the BreachForums statements.

Adblock test (Why?)