French police have arrested a 20-year-old male suspected of alleged data exfiltration from dozens of websites and stealing private information. The man, known by his pseudonym HexDex, was arrested on Monday, 20 April 2026, at his residence in the Vendée area, and as per reports, the arrest happened just when he was about to leak more data online.
According to the information shared by the Paris prosecutor’s office, the investigation started in late December 2025 after they received nearly 100 reports of data theft. The hacker is, reportedly, accused of stealing data from many different groups, including sports organisations, government offices, and private companies, and posting it online, on websites like Breachforums and Darkforums (known platforms for sharing or selling stolen data).
A long list of targets
HexDex allegedly targeted around 15 different sports federations in France, including American Football, sailing, athletics, gymnastics, skiing, rugby, boxing, para-sports, motorsport, canoeing, aikido, and university sports groups.
Also, he is accused of allegedly targeting the French Ministry of Education in mid-March this year. According to French media, HexDex accessed a trainee teacher’s management system, Compas, which the ministry uses to launch a cyberattack. This attack affected 243,000 employees, exposing their names, home addresses, phone numbers, and records of their absences from work.
The list of targets also included the SIA, which is the national database for firearm owners, and the e-campus platform used for training the national police. HexDex allegedly also targeted the prefecture of Moselle, the National Agency for the Cohesion of Territories (ANCT), a public service recruitment portal called Choose the public service (Choisir le service public), and the Philharmonie de Paris concert hall. Even charities like food banks and hotel chains, including Logis Hôtels France and Brit Hotel, are amongst those targeted.
Investigation details
The Cybercrime Brigade (BL2C) seized HexDex’s computer equipment and took control of his Darkforum account. Hackread.com can confirm that the account now shows a notification stating it has been seized by the authorities.
While HexDex has admitted to using the online alias, officials claim that he is not responsible for a separate cyberattack on the ANTS (National Agency for Secured Titles) portal. That incident was detected on 15 April and may have exposed the data of 12 million account holders. The suspect remains in custody while the police conduct a forensic analysis of his devices to find out if more organisations were affected.
