France’s homegrown secure messaging app just hit a serious snag. Tchap, the state’s encrypted chat designed to keep government talks off foreign platforms, suffered a breach. But how bad is it? The government and the hacker tell very different stories.

An Account Hijacked, Not the System

The French cybersecurity agency ANSSI flagged the attack on June 7, 2026. The culprit wasn’t a crack in the encryption or a flaw in Tchap’s infrastructure. Instead, someone stole access by hijacking a legitimate user’s account. This isn’t a system failure. It’s a credential failure.

Tchap operates on the open Matrix protocol. It supports both public chat rooms and private conversations. The private chats use end-to-end encryption, keeping their content shielded even from servers. But the public rooms are different. They’re open to all authenticated users and unencrypted.

Officials say the attacker only accessed those public spaces. Private chats, they claim, remain locked down. The compromised account was quickly disabled to cut off the attacker’s access. Investigations are ongoing to clarify exactly what was seen or taken.

The Hacker’s Massive Claim

Enter the hacker known as ‘Misère.’ This actor claims a much bigger haul. According to them, data from 73,000 state agents, 643,000 messages, nearly 60,000 files, and 13.5 gigabytes of content were stolen. The period covered supposedly stretches from June 2023 to June 2026. That’s a huge trove.

Misère alleges the breach began with social engineering against a Tchap account tied to the Education Ministry. They say a directory search feature allowed them to enumerate thousands of users. The hacker also claims to have found nearly 90 items marked “Diffusion Restreinte,” meaning restricted distribution—potentially sensitive state documents.

None of these numbers or details have been confirmed by ANSSI or DINUM, the agency running Tchap. Security analysts remain skeptical. No independent verification has appeared. The official narrative sticks to a much narrower scope: a single compromised account viewing public chats only.

Why This Breach Cuts Deep

Tchap launched in 2019 to keep French government communication off foreign-owned platforms like WhatsApp and Telegram. It’s a symbol of digital sovereignty. Since 2025, it’s been adopted across ministries by hundreds of thousands of civil servants. It’s a core tool in France’s push to control its own digital infrastructure and reduce reliance on foreign tech.

That’s why even a contained breach stings. A hijacked account might seem minor. But if the hacker’s claims hold any truth, the breach exposes vast amounts of internal government data. It threatens trust in the platform and the larger French tech independence drive.

Security researchers point out a subtle but critical detail. End-to-end encryption protects stored and transmitted private messages. But if an attacker fully controls a logged-in user’s session, they can see whatever the user sees at that moment. That includes private rooms the user accesses during the breach. So the encryption itself isn’t broken, but the impersonation opens a serious backdoor.

What’s at Risk and What’s Next?

The potential fallout is wide:

• Exposure of public chat content containing non-sensitive but official discussion
• Possible access to private conversations if the attacker controlled live sessions
• Leakage of thousands of files and documents, some flagged as restricted
• Compromise of personal data tied to tens of thousands of government agents
• Risk of targeted phishing or social engineering attacks based on leaked info

France’s data protection authority CNIL has been notified. Users were reminded to avoid sharing sensitive info in public chat rooms. This incident adds to a recent string of cyberattacks hitting French public services and ministries.

Meanwhile, the cybersecurity community watches closely. The gap between official damage reports and hacker claims fuels debate. Will the ongoing forensic log analysis close that gap? Or will uncertainty linger, feeding doubts about state-run digital tools?

The Bigger Picture in European Cybersecurity

This breach raises questions about how governments protect their own digital tools. Europe’s drive for tech sovereignty faces tough challenges from sophisticated cyber threats. France is a key digital hub in the EU, and its government systems hold data impacting cross-border services.

Attacks like this expose vulnerabilities in user credential protections and highlight risks in hybrid open-source platforms. They also show how attackers exploit social engineering to bypass even strong encryption safeguards.

For now, Tchap remains a vital communication tool. But this breach will push French authorities to tighten authentication controls and audit access deeply. The race to secure sovereign digital infrastructure is far from over.

Will France’s messenger bounce back stronger? Or will this incident reshape how governments build and trust their own communications? The coming weeks promise answers. Stay tuned as the digital sovereignty battle unfolds.