DIDN A.I CyberSecurity Scoring
DIDN
Company Information
Website:https://www.numerique.gouv.fr
Employees number:298
Number of followers:68,225
NAICS:92
Industry Type:Government Administration
Homepage:gouv.fr
DIDN Risk Score (AI oriented)
Between 0 and 549
DIDNGovernment Administration
Updated:
12/06/2026
12/06/2026
477/1000
Critical
C
DIDN Global Score (TPRM)
xxxx
DIDNGovernment Administration
Score locked

DIDNCritical
Current Score
477C (CRITICAL)
01000
3 incidents
-147.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
481
JUNE 2026
672
Breach
07 Jun 2026 • DIDN
Interministerial Directorate for Digital Affairs, French Government, Ministry of Finance, Ministry of Interior, Ministry of Education and Ministry of Defense: Tchap Messenger Breach Exposes Data of 73,000+ French Government Employees
French Government’s Secure Messaging Platform Tchap Breached, 13.51 GB of Data Exfiltrated
476
CRITICAL-196
DIRIFIFRE1781260189
French Government’s Secure Messaging Platform Tchap Breached, 13.51 GB of Data Exfiltrated
A threat actor operating under the alias misere has claimed responsibility for compromising Tchap, the encrypted messaging platform used by the French government, allegedly stealing 13.51 GB of sensitive internal data. The breach, detected by France’s national cybersecurity agency (ANSSI) on June 7, 2026, targeted the platform’s education ministry shard (matrix.agent.education.tchap.gouv.fr) via a hijacked user account obtained through social engineering.
Developed by the Interministerial Directorate for Digital Affairs (DINUM) and built on the Matrix/Synapse open-source protocol, Tchap was mandated for all French public officials in September 2025 as a sovereign alternative to commercial apps like Signal and WhatsApp. With over 825,000 registered civil servants across ministries, the platform supports end-to-end encryption for private conversations but leaves public chat rooms unencrypted.
The attacker exploited Tchap’s non-shard-isolated user directory, allowing them to enumerate 73,467 government accounts across all ministries. From the compromised education ministry account, they scraped 643,459 messages from accessible rooms, 876 discussion channels, and 59,386 media files including 90 instances of "Diffusion Restreinte", France’s restricted government classification level. Exposed data also included internal Zoom and Webex meeting links, device metadata, and communications from key ministries, including Interior, Finance, Defense, Justice, and National Education.
DINUM confirmed that the breach exposed personal data such as full names, government email addresses, organizational affiliations, and profile avatars. While private messages remained encrypted, the incident highlighted a critical flaw: public rooms on Matrix-based platforms are accessible to any authenticated user, meaning a single compromised account could harvest vast amounts of sensitive data without exploiting software vulnerabilities.
Upon discovery, DINUM blocked the compromised account and launched an investigation with ANSSI. The agency also notified France’s data protection authority (CNIL) and issued a platform-wide alert to users, emphasizing the lack of encryption in public chat rooms. French officials have since maintained that the confidentiality of private messages was not compromised.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Breach
07 Jun 2026 • DIDN
ANSSI, DINUM and French Tax Authority: French govt messaging service breached in account hijacking attack
French Government’s Secure Messaging Platform Tchap Breached via Compromised Account
476
CRITICAL-196
ANSFREDIR1781008517
French Government’s Secure Messaging Platform Tchap Breached via Compromised Account
The French government’s encrypted messaging platform, Tchap, was breached after hackers gained access using a hijacked user account. Developed by DINUM (the digital affairs directorate) in collaboration with ANSSI (France’s cybersecurity agency) in 2018, Tchap is a Matrix-based secure messaging tool exclusively for the French public sector, with over 300,000 monthly users and 500,000 Play Store downloads as of 2025.
The breach was detected by ANSSI on Sunday, prompting DINUM to disclose the incident on Monday. The attacker accessed the platform through a compromised account, potentially exposing personal data shared in conversations. DINUM has notified CNIL (France’s data protection authority) and warned users that public chat rooms are unencrypted and accessible to any user, advising against sharing sensitive information in them.
While the compromised account was immediately blocked, the investigation is ongoing to determine the extent of the breach. A threat actor later claimed responsibility, stating they gained access via social engineering on the education shard (matrix.agent.education.tchap.gouv.fr). The attacker alleged they exfiltrated:
- Hardcoded LDAP credentials from a PowerShell script shared by a French tax authority official.
- 13.5GB of documents and media files shared by public servants.
- Nearly 650,000 messages and metadata from 73,000+ accounts, including emails, organizational details, meeting links, and device information.
The attacker also claimed that all files shared on Tchap were downloadable without authentication, regardless of the shard hosting them. DINUM has not confirmed these details, and the incident remains under investigation.
This breach follows a recent cyberattack on ANTS (France’s national agency for secure documents), where a 15-year-old was detained last month for allegedly selling stolen data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MAY 2026
670
APRIL 2026
669
MARCH 2026
667
FEBRUARY 2026
665
JANUARY 2026
763
Breach
09 Jan 2026 • DIDN
L'État confirme la cyberattaque : 160 000 documents contenant des données sensibles récupérées par les pirates
Cyberattaque contre HubEE : 160 000 documents administratifs français exposés
664
CRITICAL-99
DIR1770028271
Cyberattaque contre HubEE : 160 000 documents administratifs français exposés
Le 16 janvier, la Direction interministérielle du numérique (DINUM) a confirmé une cyberintrusion sur HubEE, sa plateforme d’échange de documents administratifs, détectée le 9 janvier. Les attaquants ont exfiltré 70 000 dossiers, soit 160 000 documents, contenant des données sensibles d’usagers. Bien que les informations volées n’aient pas encore été diffusées, la DINUM a mis en place une veille active pour surveiller d’éventuelles fuites.
Quatre administrations principales sont concernées par cette fuite :
- La Direction de l’information légale et administrative (DILA),
- La Direction générale de la cohésion sociale (DGCS),
- La Direction générale de la Santé (DGS),
- La Caisse nationale des allocations familiales (CNAF).
Ces organismes collaborent avec la DINUM pour informer les usagers impactés, qui peuvent contacter le service juridique via [email protected].
Mesures immédiates et réponse sécuritaire
Dès la découverte de la faille, les équipes techniques ont bloqué l’accès aux attaquants et renforcé les protocoles de sécurité, avec une remise en service de la plateforme le 12 janvier. Une réinitialisation générale des mots de passe a été imposée, et l’authentification à double facteur est désormais obligatoire pour les comptes administrateurs.
L’incident a été signalé aux autorités compétentes :
- CNIL (notification officielle),
- ANSSI (Agence nationale de la sécurité des systèmes d’information),
- Premier ministre,
- Police judiciaire (plainte déposée le 12 janvier).
Contexte et enjeux
HubEE, peu connue du grand public, sert de canal centralisé pour les démarches administratives en ligne, notamment via Service-public.gouv.fr. Cette attaque s’ajoute à une série de brèches récentes dans les systèmes publics français, soulignant les vulnérabilités persistantes des infrastructures étatiques.
Les données exposées incluent des informations d’identification et des pièces justificatives, exposant les usagers à des risques de phishing ou d’usurpation d’identité. La DINUM a présenté ses excuses aux personnes concernées, tout en insistant sur la nécessité de renforcer la vigilance.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
763
NOVEMBER 2025
763
OCTOBER 2025
763
SEPTEMBER 2025
763
AUGUST 2025
763
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for DIDN ??
What was DIDN's A.I Rankiteo Cyber Score in June 2026 ??
What was DIDN's A.I Rankiteo Cyber Score in May 2026 ??
What was DIDN's A.I Rankiteo Cyber Score in April 2026 ??
What was DIDN's A.I Rankiteo Cyber Score in March 2026 ??
What was DIDN's A.I Rankiteo Cyber Score in February 2026 ??
What was DIDN's A.I Rankiteo Cyber Score in January 2026 ??
What was DIDN's A.I Rankiteo Cyber Score in December 2025 ??
What was DIDN's A.I Rankiteo Cyber Score in November 2025 ??
What was DIDN's A.I Rankiteo Cyber Score in October 2025 ??
What was DIDN's A.I Rankiteo Cyber Score in September 2025 ??
What was DIDN's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on DIDN's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with DIDN ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view DIDN's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?