What data was stolen from the French Ministry of Agriculture?

The leaked data reportedly includes approximately 60.9GB of files containing FTP server lists with credentials, SQL database files, application logs, synchronization tools, files from 32 French departments, and various internal system files totaling 97,210 files across 1,250 folders.

When was the French Ministry of Agriculture breach discovered?

The threat actors posted about the breach on December 29, 2025, claiming it represents 'just the start of our attacks against France.' The exact date of the initial compromise has not been disclosed.

Who is responsible for the Ministry of Agriculture breach?

A threat group claiming affiliation with 'LAPSUS$ GROUP' has taken responsibility for the breach. They have made the data available via an IP address with password protection.

What is the French Ministry of Agriculture responsible for?

The French Ministry of Agriculture and Food Sovereignty is a government agency responsible for agriculture policy, food production oversight, food security, and supporting France's agricultural sector.

What is the national security impact of this breach?

The breach exposes critical government infrastructure credentials, internal systems access, agricultural data, and operational intelligence that could be exploited for further attacks against French government systems or to compromise food security operations.

Has this breach been verified by French authorities?

The authenticity of the leaked data has not been independently verified or confirmed by the French Ministry of Agriculture or government cybersecurity agencies at the time of this report.

How many incidents has the LAPSUS$ threat actor been involved in?

According to threat intelligence data, the LAPSUS$ threat actor has been linked to at least 174 incidents since first being observed in September 2025, targeting organizations across the USA, France, UK, Germany, and Iran in sectors including telecommunications, cybersecurity, aviation, financial services, and education.

LAPSUS$ Group Claims 60GB Data Leak from French Ministry of Agriculture

API Access for Researchers & Security Teams

SOC teams, researchers, and security professionals can integrate Dark Web Informer's threat intelligence directly into their workflows via API. Access real-time breach data, threat feeds, and monitoring capabilities programmatically.

Learn About API Access

Disclaimer

This breach alert includes material that may contain personally identifiable information (PII) gathered strictly from publicly available sources. All information is provided solely for cybersecurity awareness and threat intelligence purposes.

Quick Facts

Date and Time of Alert

2025-12-29 00:15:19 UTC

Threat Actor

LAPSUS$ GROUP

Victim Country

France

Industry

Agriculture & Farming / Government

Victim Org.

French Ministry of Agriculture and Food Sovereignty

Victim Site

agriculture.gouv.fr

Incident Overview

A threat group operating under the name "LAPSUS$ GROUP" has published what they claim is approximately 60.9GB of data stolen from France's Ministry of Agriculture and Food Sovereignty. The leak was posted to BreachForums on December 29, 2025, with the threat actors stating this is "just the start of our attacks against France."

The ministry, which oversees agriculture policy, food production, and food security across France, appears to have suffered a significant compromise of its internal systems. According to the breach post, the leaked archive contains a mix of FTP server credentials, SQL databases, application logs, and files spanning 32 French departments. The threat actors have made the data available through a direct IP address download protected by a password.

What makes this incident particularly concerning is the breadth of the compromise. The leaked data package reportedly contains 97,210 files organized across 1,250 folders, suggesting extensive access to the ministry's infrastructure. The threat actors specifically highlight several categories of compromised data in their post, painting a picture of deep system penetration rather than a surface-level breach.