French authorities have detained a 22-year-old man over a cyberattack on the email servers of the French interior ministry that compromised files containing criminal records. An investigation is underway into the incident, which Interior Minister Laurent Nunez says is "more serious" than initially thought.
The arrest follows an attack on the ministry’s email system that affected an unspecified number of sensitive files.
A group of hackers claimed responsibility for the attack, which occurred on 11 December. They said they had stolen the data of “millions” of French people.
The French prosecutor’s department said on Wednesday that the suspect was already known to police and had been convicted of similar crimes earlier this year.
Criminal records accessed
The investigation is being handled by the cybercrime unit of the Paris prosecutor’s office. It is focusing on charges including attacks on a state-run automated personal data processing system by an organised gang.
This offence carries a maximum sentence of 10 years in prison.
Interior Minister Laurent Nunez said on Wednesday that the attack was more serious than initially thought.
“It’s serious,” he told FranceInfo radio. “A few days ago, I said that we didn’t know whether there had been any compromises or not. Now we know that there have been compromises, but we don’t know the extent of them.”
Macron pushes for new legislation to rapidly block digital disinformation
No ransom demand
Nunez said he had not received any ransom demand from the hackers.
He said the compromised files included criminal records and files on wanted individuals. He said the data was accessed because of “carelessness”, with passwords shared on messaging apps.
“I can tell you that there have not been millions of pieces of data extracted as of this morning (...), but I remain very cautious about the level of compromise,” he said.
Russia accused of cyberattacks on Paris Olympics and French election
A judicial probe and an administrative investigation were underway and the National Commission for Information Technology and Civil Liberties (CNIL) had been notified, Nunez said.
Cybersecurity specialist Baptiste Robert, who describes himself as an “ethical hacker”, said the attack was unprecedented regardless of its scale.
“In the nearly 15 years I’ve worked in cybersecurity, I’ve never heard of the Ministry of the Interior’s internal network being compromised,” he said. “They’re not the first hackers to try to attack the Ministry of the Interior, but they’re the first to have succeeded.”
(with newswires)
