SSH Blog | Defensive Cybersecurity

The Tchap Breach: An Architecture Lesson | SSH

Written by Jani Virkkula | Jul 7, 2026 10:38:17 AM

In June 2026, France’s digital affairs directorate, DINUM, confirmed a security incident involving Tchap, the French government’s messaging platform.  The story was quickly picked up by cybersecurity media, with many headlines focusing on the fact that an encrypted government messenger had been breached.

But that framing misses the more important point. The Matrix protocol was not broken. The encryption protecting private conversations was not broken either.

According to DINUM, private encrypted conversations remained protected after one user account was compromised. What was exposed sat outside that encryption boundary. And that is where the real lesson begins.

What happened?

Tchap is based on Matrix, an open standard for decentralised communication. The platform is used across the French public sector and supports both private encrypted conversations and public rooms.

The breach appears to have started with a compromised user account. Once inside, the attacker was able to access information available through public, unencrypted rooms. That included names, email addresses, employing organisations and avatar images for 73,467 users, out of more than 825,000 registered users.

That is significant. But it is also important to be precise. The encrypted private chats did what they were supposed to do. They remained protected. The exposure came from spaces that were open to users by design and not encrypted in the first place.

Encryption is not the whole architecture

This is the part that matters for governments, defence organisations, critical infrastructure operators and any organisation that depends on secure internal communication.

Encryption is essential, but it is not the whole security model.

Secure communication also depends on identity, access, deployment model, room structure, user permissions and operational control. If those layers are not designed carefully, sensitive information can still end up in places where encryption does not apply.

The lesson from Tchap is not that encrypted messaging does not work. The lesson is that secure communication systems need clear boundaries between different types of communication.

Some messages are general updates. Some are operational. Some contain personal data. Some may involve crisis response, legal matters, national security or mission-critical decisions. Those conversations should not all live under the same assumptions.

Built for mission-critical communication

For mission-critical environments, secure messaging cannot rely only on users choosing the right room or remembering the right process.

The platform itself needs to guide communication into the right level of protection.

That means making it clear which spaces are encrypted, who can access them, what kind of information belongs there and how far a compromised account could reach.

This is also why deployment, identity and control matter.

SalaX Secure Messaging uses Matrix technology, but it is built for organisations that need more than everyday collaboration. It is designed for secure, mission-critical communication, including on-premises deployments and out-of-band communication when primary systems are unavailable, compromised or no longer trusted.

For organisations with strict sovereignty requirements, SalaX also supports data sovereignty by helping them keep sensitive communication under their own control. It also offers strong identity verification options, including bank IDs and smart cards, so organisations can strengthen trust in who is accessing the platform.

Because during a cyberattack, outage or crisis, communication does not stop.

Teams still need to coordinate. They still need to make decisions. And they need a secure channel that remains separate from the affected environment.

The real takeaway

The Tchap incident is not a reason to move away from encrypted messaging. It is a reason to look more carefully at the architecture around it.

Encryption protects the messages that are encrypted. Architecture decides where those messages live, who can reach them and what happens when one part of the ecosystem is exposed.

For organisations under regulatory, sovereignty or mission-critical pressure, secure communication cannot depend only on good intentions or user awareness.

It needs to be designed into the platform from the start.

Explore SalaX Secure Messaging and learn how it supports secure, resilient communication for mission-critical environments >>>