Tchap, the French government’s own encrypted messaging platform used by over 300,000 civil servants, has suffered a breach that exposed the accounts of around 73,000 employees. The attacker gained access by using a compromised civil servant’s account, then harvested data from public chat rooms — including documents, media files, and internal communications shared openly within the platform. Roughly 13.5 GB of files were stolen in total.
Tchap was developed specifically to give French government workers a secure alternative to consumer apps like WhatsApp and Teams. While private conversations between users are end-to-end encrypted and were not exposed, content shared in public rooms — which are unencrypted by design — was fully accessible to the attacker. The breach also exposed hardcoded administrative credentials that were accidentally left in a script shared inside the app. France’s data protection authority has been notified.