French police arrest 21-year-old “HexDex” hacker for alleged 100 data breaches

A 21-year-old man suspected of having committed nearly 100 data breaches since late 2025 — including a hack of France’s National Education Ministry that exposed records on nearly a quarter of a million employees — has been arrested at his home in western France.
According to French prosecutors, the man was reportedly preparing to dump yet another batch of stolen data online when he was arrested on April 20, and admitted to using the pseudonym “HexDex” online.
The police investigation began on December 19 last year, when the Paris prosecutor’s office received approximately 100 reports of data breaches, all apparently linked to the same perpetrator.
The suspect has been charged with six crimes, four of which are “gang” offences under French law, and has been remanded in custody during his trial.
In an interview given before his arrest, HexDex reportedly described his motivation as purely financial.
Reported HexDex victims include:
- France’s Ministry of National Education – where he is said to have compromised Compass, a system for managing trainee teachers, exposing the names, home addresses, phone numbers and absence records of around 243,000 staff.
- SIA, the French national firearms registry.
- An e-campus platform used to train the French national police.
- Trade unions CFDT and FO.
- The Paris Philharmonie concert hall.
- Many French sports associations: sailing, running, motor sports, gymnastics, skiing, rugby league, aikido, university sports, mountaineering and climbing, American football, hiking, aviation, canoeing and kayaking, sports for the disabled, and savate.
- French food banks.
- Hotels, including Logis Hôtels France and Brit Hotel.
The stolen information was allegedly reposted on cybercrime marketplaces BreachForums and DarkForums, where his account now displays the message “taken.”
Although HexDex has been linked to numerous data breaches, French authorities have been at pains to point out that he is not believed to be responsible for the recent breach of the ANTS portal, which may have exposed data on up to 12 million account holders.
If the French police have indeed caught the real culprit, what is surprising is that the breaches were not the work of a state-sponsored gang or a sophisticated ransomware group. Sometimes it can be one guy, working from home, checking which organizations didn’t protect their systems properly.
The volume of breaches (nearly four per week, for months on end) reflects the depressing reality that even in 2026 we still have many web-facing systems with little or no authentication, undocumented vulnerabilities, and default passwords waiting to be guessed. Organizations would be wise to recognize the importance of better security systems with multi-factor authentication (MFA), which keep networks and applications connected, strong access controls, and a tested incident response system.
For every HexDex who ends up getting a knock on the door from the police, sadly there are still too many others. The best way to prevent your organization from becoming the next target for hackers is to make yourself less desirable than the next organization.



