- A hacker claims they extracted a large number of records from the French government’s La Suite Numérique digital platform.
- The stolen data includes records from the Digital Workspace operated by the French government’s interministerial digital directorate, DINUM.
- The actor offers up to 5,000 free records as a sample and says they will maintain operations even if Telegram bans their account.
A threat actor going by the name ‘exclode’ claims to have stolen over 18 million records from La Suite Numérique, France’s official government digital workspace.
The hacker is now selling the data via Telegram and offering free samples to prove the breach is real.
What We Know About This Breach
The alleged breach was first detected on May 11. The actor laid out their claims in a dark web post using the handle ‘exclode’. They claimed to have stolen a massive 18 million records from La Suite Numérique.
That’s the official digital workspace for the French government. It’s like a collaboration hub for public servants.
The actor is now selling this alleged dataset on Telegram. No price listed yet. The interesting part? The hacker wants to offer up to 5,000 lines for free. The actor promised to send a sample upon request.
The actor also promised persistence. If Telegram suspends their account, they have alternative channels ready. That’s a clear sign of someone who knows the underground market well.
Currently, the exact fields in the stolen data are still unclear, as the hacker was not explicit about what’s inside the database they stole. This makes it hard to prove the claims are legit and that the breach actually happened.
Also, for now, the government site in question, lasuite.numerique.gouv.fr, which DINUM operates, has yet to make a statement regarding any breach.
Importantly, no independent authority has verified this data yet. The authenticity, integrity, and actual scope remain unconfirmed. All information comes solely from underground forum posts.
A Troubling Pattern
The timing makes this story more concerning. Just weeks earlier, on April 15, France’s National Agency for Secure Documents (ANTS) detected a real security incident. The breach affected the ants.gouv.fr portal and the Citizens ID database of the French government.
French organizations continue to face cyber threats. A French supplier for Airbus and Boeing recently confirmed a data breach, highlighting how widely these attacks are spreading across French critical infrastructure.
The government admitted to the ANTS breach on April 20. What did the hackers take? Login details. Names. Email accounts. Dates of birth. And even account numbers. Addresses, telephone numbers, and places of birth for some of the victims were also exposed.
Potential Risks If This Data Is Real
If this alleged breach proves authentic, a lot of things are at stake. Mass exposure of sensitive information tops the list. Eighteen million records is not a small number. That could impact citizens and government employees alike.
What about unauthorized access to government platforms? That’s another major risk. Criminals could use this data to move deeper into government networks. The actor is actively marketing this dataset within underground communities.
Resale will happen fast. Then the data will spread everywhere, from dark web markets to private channels, which will cause even more damage.
Spear phishing attacks become far more dangerous. Attackers armed with real government workspace data can craft convincing emails. They could target users or even state entities directly.
Fraud and social engineering campaigns will follow. Criminals love using legitimate-looking data to trick victims. And initial access brokers may buy this information to breach other systems.
What to Do Next
This breach puts both French government employees and citizens at risk, so all parties need to pay close attention. Agencies need to check all privileged access logs right now; don’t wait.
Review storage configurations and API exposure settings. Look for any unusual mass data transfers. The government should implement dark web monitoring services. Threat hunting teams need to search their networks now.
For individuals: Do not trust unexpected messages. That email, text, or call might look official. Verify through known channels instead. If you receive a suspicious message, do not call any of the numbers listed in the message. Instead, look for the correct number for the agency on its official website and call that number.
Use any French government online services? Change passwords ASAP. Turn on 2FA everywhere possible. Watch your accounts like a hawk in case of any suspicious activity.
The ANTS breach already exposed identification data. If your information was in that incident, you face a higher risk now. Cyber criminals love to combine data stolen from several different breaches; therefore, keeping track of what information they have can get very complicated.
Keep in mind, it is illegal to sell or give away information that has been stolen from the government. ANTS confirmed this clearly in its public statement. The coming days will reveal whether this claim holds water. Stay alert. Take extra care before responding to unexpected calls or messages, trust your instincts, and verify before taking action.