Tchap Breach Exposes Architectural Weakness, Not Broken Encryption

France's sovereign Tchap messaging platform was compromised on 9 June 2026 via a hijacked user account, resulting in exfiltration of approximately 643,000 government messages. The attacker exploited inadequate access controls rather than cryptographic failure: once authenticated, the Matrix-based system allowed bulk message retrieval without rate-limiting or anomaly detection. The breach underscores that encryption alone is insufficient; sovereign infrastructure requires equivalent investment in session security and operational controls.