French Police Arrest Suspected Hacker Behind Dozens of Data Breaches

The arrest of a 20‑year‑old hacker known as HexDex marks a rare breakthrough for French law‑enforcement in a wave of cyber intrusions that have rattled the country since late 2025. Investigators from the Paris prosecutor’s cybercrime unit traced the suspect through activity on underground marketplaces such as BreachForum and Darkforum, where stolen files were regularly posted. By seizing the offender’s Darkforum account and computer hardware, authorities gained a foothold for forensic analysis that could reveal the tools and tactics behind roughly one hundred reported website compromises across public and private sectors.

The most consequential breach uncovered so far involved the Ministry of National Education’s Compas system, leaking names, addresses, phone numbers and attendance records of about 243,000 teachers. Similar attacks hit a spectrum of organizations—from national sports federations spanning sailing to gymnastics, to hospitality chains Logis Hôtels France and Brit Hotel, and even the Philharmonie de Paris concert hall. A reported intrusion into a weapons‑information database added a layer of national‑security concern. These disclosures not only violate France’s GDPR obligations but also erode public confidence in the digital safeguards of essential services.

HexDex’s capture underscores the urgency for French entities to adopt a layered security posture, including zero‑trust architectures, continuous monitoring, and rapid incident‑response playbooks. The case also illustrates the growing sophistication of young threat actors who leverage anonymous forums to monetize stolen data. Policymakers are likely to tighten enforcement of the 2022 Cybersecurity Act and push for mandatory breach‑notification timelines. For businesses operating in Europe, the episode serves as a cautionary tale: robust cyber‑hygiene and collaboration with law‑enforcement are now indispensable components of risk management.