Back

French Police Arrest 21-Year-Old Hacker 'HexDex' Linked to 100 Data Breaches

Severity: Medium (Score: 51.9)

Sources: Bitdefender, www.cyberattaque.org, www.zataz.com, actu17.fr, www.franceinfo.fr

Summary

A 21-year-old man, known by the pseudonym 'HexDex', was arrested in western France for allegedly conducting around 100 data breaches since late 2025. His most notable attack involved the French Ministry of National Education, compromising records of nearly 250,000 employees. The investigation began on December 19, 2025, following numerous reports of data exfiltration linked to the same individual. At the time of his arrest on April 20, 2026, he was reportedly preparing to release another batch of stolen data online. HexDex faces six charges, four of which are aggravated under organized crime laws, and is currently in custody awaiting trial. His activities have reportedly included the sale of stolen data on cybercriminal marketplaces like BreachForums and DarkForums. Authorities clarified that he is not connected to the recent breach of the ANTS portal, which may have affected up to 12 million users. This case highlights ongoing vulnerabilities in web-facing systems, emphasizing the need for improved security measures among organizations. Key Points: • HexDex is linked to approximately 100 data breaches, including a major hack of the French Ministry of National Education. • The hacker was arrested while preparing to release more stolen data online. • Authorities stress the importance of enhanced security measures to prevent similar breaches.

Key Entities

  • HexDex (apt_group)
  • Data Breach (attack_type)
  • Ransomware (attack_type)
  • ANTS Portal (company)
  • Bordeaux Métropole (company)
  • Brit Hotel (company)
  • Exclusive Networks (company)
  • French Ministry Of National Education (company)
  • France (country)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • CWE-798 - Use of Hard-coded Credentials (cwe)
  • sejourneur.com (domain)
  • taxedesejour.bordeaux.metropole.fr (domain)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Calypsso (platform)
  • Compas (platform)
  • E-campus (platform)
  • Qilin (ransomware_group)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed