French authorities have arrested a 22-year-old man in connection with a French Interior Ministry cyberattack, marking an important development in an investigation into the breach of the ministry’s internal email systems. The arrest was carried out on December 17, 2025, following an inquiry led by the cybercrime unit of the Paris prosecutor’s office.
According to a notice issued by France’s Ministry of the Interior, the suspect was taken into custody on charges including unauthorized access to a state-run automated personal data processing system. The offense carries a maximum sentence of up to 10 years in prison.
“A person was arrested on December 17, 2025, as part of an investigation opened by the cybercrime unit of the Paris prosecutor’s office, on charges including unauthorized access to a state-run automated personal data processing system, following the cyberattack against the Ministry of the Interior,” the press release, translated into English, said.
The ministry confirmed that the individual, born in 2003, is already known to the justice system and was convicted earlier in 2025 for similar cyber-related offenses. Authorities have not disclosed the suspect’s identity.
“The suspect, born in 2003, is already known to the justice system, having been convicted of similar offenses in 2025,” release added further.
Investigation Into Cyberattack on France’s Ministry of the Interior
The French Interior Ministry cyberattack was first publicly acknowledged last week, after officials revealed that the ministry’s internal email servers had been compromised. The cyberattack was detected overnight between Thursday, December 11, and Friday, December 12, and resulted in unauthorized access to a number of document files.
French Interior Minister Laurent Nuñez described the incident as more serious than initially believed. Speaking to Franceinfo radio, he said, “It’s serious. A few days ago, I said that we didn’t know whether there had been any compromises or not. Now we know that there have been compromises, but we don’t know the extent of them.”
Authorities later confirmed that the compromised files included criminal records, raising concerns about the sensitivity of the exposed information. However, Nuñez urged caution when assessing the scale of the breach.
I can tell you that there have not been millions of pieces of data extracted as of this morning (…), but I remain very cautious about the level of compromise,” he added.
Legal Action Aganist French Interior Ministry cyberattack
In a statement issued by Public Prosecutor Laure Beccuau, officials said the suspect of French Interior Ministry cyberattack was arrested as part of an investigation into unauthorized access to an automated data processing system, allegedly carried out as part of an organized group. Prosecutors reiterated that this offense is punishable by up to 10 years’ imprisonment.
The investigation is being conducted by OFAC, France’s Office for Combating Cybercrime. Authorities noted that a further statement will be released once the police custody period ends, which can last up to 48 hours.
French prosecutors also confirmed that while the suspect has prior convictions for similar crimes in 2025, they are not disclosing further details about those cases.
Government Response and Security Measures
Following the French Interior Ministry cyberattack, the Ministry of the Interior implemented standard security protocols and strengthened access controls across its systems.
Speaking on RTL Radio, Minister Nuñez confirmed the attack and the immediate response, “There was indeed a cyberattack. An attacker was able to access a number of files. So we implemented the usual protection procedures.”
He further stated that investigations into French Interior Ministry cyberattack are ongoing at both judicial and administrative levels, and that France’s data protection authority, the National Commission for Information Technology and Civil Liberties (CNIL), has been notified.
On RTL Matin, Nuñez emphasized that the origin of the French Interior Ministry cyberattack remains unclear, “It could be foreign interference, it could be people wanting to challenge the authorities and demonstrate their ability to access systems, and it could also be cybercrime. Right now, we don’t know what it is.”
Claims of Responsibility Surface Online
Following public disclosure of the French Interior Ministry cyberattack incident, a post appeared on an underground forum claiming responsibility for the breach.
The post stated, “We hereby announce that, in revenge for our arrested friends, we have successfully compromised ‘MININT’ — the French Ministry of the Interior.”
The message appeared to reference the 2025 arrests of five BreachForums moderators and administrators, known online as “ShinyHunters,” “Hollow,” “Noct,” “Depressed,” and “IntelBroker.” However, authorities have not confirmed any direct link between the arrested suspect and these claims.
As the investigation into the French Interior Ministry cyberattack continues, French officials have stressed that all possibilities remain under consideration and that further updates will follow once the custody period concludes.
