French Police Arrest 20‑Year‑Old Hacker HexDex Tied to 100 Breaches and 243,000 Teacher Records Leak

French police detained a 20-year-old individual known as "HexDex" in western France. This arrest comes amid an ongoing investigation into multiple cyberattacks targeting French institutions.

The suspect is connected to about 100 website breach reports filed since late 2025. Authorities linked HexDex to a March cyberattack on the French Education Ministry’s Compas database. This incident exposed personal data from approximately 243,000 school staff. Compromised information included names, addresses, phone numbers, and absence records.

HexDex allegedly claimed responsibility for hacks and published stolen data on cybercrime marketplaces such as BreachForum and Darkforum. Investigators seized the suspect's Darkforum account and computer equipment for forensic analysis. Victims spanned diverse sectors, including national sports federations, food banks, hotel chains like Logis Hôtels France and Brit Hotel, and the Philharmonie de Paris concert hall. The suspect is also believed to have breached a government weapons information system.

This arrest highlights the persistent threat posed by individual actors targeting diverse sectors. The range of victims, from national sports bodies to critical government databases, demonstrates broad intent. The exposure of 243,000 teacher records underscores the severe impact on individuals, potentially leading to identity theft or targeted phishing campaigns. Organizations must recognize the value of human resources data to threat actors.

Organizations should prioritize robust access controls and multi-factor authentication (MFA) across all systems, especially those containing sensitive personal data. Regular vulnerability assessments and penetration testing can identify common attack vectors. Employee training on phishing and social engineering remains crucial, as these methods often serve as initial compromise points. Implementing a strong patch management program addresses known vulnerabilities effectively.

The ongoing investigation will likely reveal further details about the methods employed and the full scope of HexDex's activities.