French Police Arrest HexDex Hacker Over Mass Data Theft and Leaks

Summary

French police arrested a 20-year-old hacker known as HexDex on April 20, 2026, suspected of stealing data from dozens of organizations including French government agencies, 15 sports federations, and private companies. The investigation began in late December 2025 after nearly 100 data theft reports; HexDex allegedly exposed 243,000 Ministry of Education employees' personal information and accessed national databases including firearm owner records. Police seized his equipment and took control of his Darkforum account, which now displays a seizure notification.

Full text

Cyber Crime Data Breaches SecurityFrench Police Arrest HexDex Hacker Over Mass Data Theft and Leaks French police arrest HexDex hacker, a 20-year-old suspect accused of mass data theft and leaks targeting government, sports groups, and firms. byDeeba AhmedApril 24, 20262 minute read French police have arrested a 20-year-old male suspected of alleged data exfiltration from dozens of websites and stealing private information. The man, known by his pseudonym HexDex, was arrested on Monday, 20 April 2026, at his residence in the Vendée area, and as per reports, the arrest happened just when he was about to leak more data online. According to the information shared by the Paris prosecutor’s office, the investigation started in late December 2025 after they received nearly 100 reports of data theft. The hacker is, reportedly, accused of stealing data from many different groups, including sports organisations, government offices, and private companies, and posting it online, on websites like Breachforums and Darkforums (known platforms for sharing or selling stolen data). Source: @Seblatombe on X A long list of targets HexDex allegedly targeted around 15 different sports federations in France, including American Football, sailing, athletics, gymnastics, skiing, rugby, boxing, para-sports, motorsport, canoeing, aikido, and university sports groups. Also, he is accused of allegedly targeting the French Ministry of Education in mid-March this year. According to French media, HexDex accessed a trainee teacher’s management system, Compas, which the ministry uses to launch a cyberattack. This attack affected 243,000 employees, exposing their names, home addresses, phone numbers, and records of their absences from work. The list of targets also included the SIA, which is the national database for firearm owners, and the e-campus platform used for training the national police. HexDex allegedly also targeted the prefecture of Moselle, the National Agency for the Cohesion of Territories (ANCT), a public service recruitment portal called Choose the public service (Choisir le service public), and the Philharmonie de Paris concert hall. Even charities like food banks and hotel chains, including Logis Hôtels France and Brit Hotel, are amongst those targeted. Investigation details The Cybercrime Brigade (BL2C) seized HexDex’s computer equipment and took control of his Darkforum account. Hackread.com can confirm that the account now shows a notification stating it has been seized by the authorities. Darkforums account of HexDex hacker (Image credit: Hackread.com) While HexDex has admitted to using the online alias, officials claim that he is not responsible for a separate cyberattack on the ANTS (National Agency for Secured Titles) portal. That incident was detected on 15 April and may have exposed the data of 12 million account holders. The suspect remains in custody while the police conduct a forensic analysis of his devices to find out if more organisations were affected. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts BreachForumsCybersecurityDarkForumsdata breachData leakFranceHexDex Leave a Reply Cancel reply View Comments (0) Related Posts Security Securing your Spectrum compatible WiFi routers If you need to know how to work your Spectrum WiFi router security settings, we have some tips for you. Let's get started... byUzair Amir Read More Security Malware Critical GeoServer Vulnerability Exploited in Global Malware Campaign A critical GeoServer vulnerability (CVE-2024-36401) is being actively exploited, allowing attackers to take control of systems for malware… byDeeba Ahmed Read More Security Android Flaw in Older Version of Android Rooting Tool KernelSU Allows Full Device Takeover Zimperium’s zLabs team uncovers a critical security flaw in the popular Android rooting tool, KernelSU v0.5.7. Learn how… byDeeba Ahmed Malware Security New skimmer attack uses fake credit card form to steal data The unique aspect of this attack is that WebSockets is used instead of other methods such as HTML tags to extract the information needed. bySudais Asif

Entities