French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches

A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 - including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees — has been arrested at his home in western France.

According to French prosecutors, the man was reportedly preparing to dump yet another collection of stolen data online at the time of his arrest on 20 April, and has admitted to using the pseudonym "HexDex" online.

The police investigation began on 19 December last year, when the Paris prosecutor's cybercrime unit received around 100 reports of data exfiltration, all apparently linked to the same perpetrator.

The man has since been formally charged with six offences, four of which carry the 'organised gang' aggravator under French law, and has been remanded in custody pending trial.

In an interview given before his arrest, HexDex reportedly described his motivation as purely financial."

HexDex's alleged victims reportedly include:

• The French Ministry of National Education - where he is said to have compromised Compas, the trainee teacher management system, exposing names, home addresses, phone numbers, and absence records for around 243,000 employees.
• The SIA, France's national firearms registry.
• The e-campus platform used to train France's national police force.
• The trade unions CFDT and FO.
• Paris's Philharmonie concert hall.
• Numerous French sports federations: sailing, athletics, motor sports, gymnastics, skiing, rugby league, aikido, university sport, mountain and climbing, American football, hiking, aeronautics, canoeing and kayaking, disability sports, and savate.
• French food banks.
• The hotel chains Logis Hôtels France and Brit Hotel.

Stolen data is said to have been republished on the cybercriminal marketplaces BreachForums and DarkForums, where his account is now displaying a message saying that it "had been seized."

Although HexDex has been linked to many data breaches, the authorities in France have been at pains to point out that he is not believed to be responsible for the recent breach of the ANTS portal, which may have exposed data on up to 12 million account holders.

If French police have indeed captured the true culprit, what's striking is that the breaches were not the work of a state-sponsored gang or slick ransomware group. Sometimes it can just be one young man, working from home, methodically exploring which organisations have not secured their systems properly.

The volume of breaches (roughly four claimed per week, for months on end) illustrates the depressing reality that even in 2026 we still have many web-facing systems with little or no authentication, unpatched vulnerabilities, and default passwords waiting to be guessed. Organisations would be wise to wake up to the importance of better security systems with multi-factor authentication (MFA), keeping networks and apps patched, strong access controls, and a tested incident response plan.

For every HexDex who eventually gets a knock on the door from the police, there are sadly plenty more still beavering away. The best way to prevent your organisation from being the next one targeted by hackers is to make yourself less attractive than the next organisation along.