The Paris prosecutor’s office announced, on December 17, the arrest of a person as part of the investigation opened after the cyberattack targeting the Ministry of the Interior. According to the press release signed by the public prosecutor, Laure Beccuau, the facts are qualified as an attack on an automated processing system of personal data implemented by the State, committed by an organized gang, an offense punishable by ten years of imprisonment.
The suspect, born in 2003, is already known to the courts for similar facts which gave rise to a conviction in 2025. Arrested in Limoges in Haute Vienne on December 17, he was placed in police custody as part of investigations carried out by the anti-cybercrime section of the Paris prosecutor’s office and the Anti-Cybercrime Office (OFAC). A new communication is expected at the end of this measure, which can last up to forty-eight hours.
The criminal qualification retained by the prosecution establishes that the intrusion is not limited to isolated fraudulent access, but concerns a state system processing personal data, with an aggravating circumstance linked to organized gang action. It implies the existence of prior coordination and the effective consultation of sensitive data, the scope of which remains to be specified.
These elements were partially confirmed by the Minister of the Interior. On December 17 on franceinfo, Laurent Nuñez indicated that the ministry had “been the subject of a malicious intrusion” described as a “serious act”, part of compromised professional mailboxes. He confirmed access to sensitive internal files, including the Processing of Criminal Records (TAJ) and the File of Wanted Persons (FPR), while recognizing that “the extent of the compromises” was not yet known.
The ministry contacted the CNIL, as required by law, and opened an internal administrative investigation.
