TAJ File Hacked: 19 Million Judicial Records Exposed
"Your criminal history for sale on the dark web. Your arrests, detentions, convictions... even expunged ones. The TAJ file has been hacked."
Table of Contents
- What Is the TAJ File?
- The Hack: What We Know
- The Grave Consequences
- The Root Problem: A Flawed File
- Your Rights Regarding the TAJ
- How to Protect Yourself
- Accountability
- FAQ
- Conclusion: The State Guarantees... Nothing
- Sources
The TAJ — Traitement des Antecedents Judiciaires (Judicial Records Processing) — is one of France's most sensitive files. It records the judicial history of 19 million people: convicted individuals, suspects, people held in custody... but also victims and witnesses.
In 2024, this ultra-confidential file was compromised. Information that should have remained sealed in police archives ended up in hackers' hands. The consequences are potentially devastating.
What Is the TAJ File?
19 million French citizens on file: suspects, convicted, but also victims and witnesses.
The French Police Super-File
The TAJ was created in 2012 from the merger of two historic files:
- STIC (System for Processing Recorded Offenses) — National Police
- JUDEX (Judicial Documentation and Exploitation System) — Gendarmerie
It is now the centralized database of judicial records in France.
Who Is in the TAJ?
The TAJ does not only contain criminals. Its scope is much broader:
| Category | Filed in TAJ |
|---|---|
| Convicted individuals | Yes |
| Persons under investigation | Yes |
| Persons held in police custody | Yes |
| Persons merely suspected | Yes |
| Crime victims | Yes |
| Witnesses (in some cases) | Sometimes |
The key figure:
19 million people are filed in the TAJ — roughly 1 in 3.5 French citizens (counting adults).
Data Contained
For each filed person, the TAJ may contain:
| Information Type | Present |
|---|---|
| Full civil status | Yes |
| Identification photograph | Yes |
| Known addresses | Yes |
| Profession | Yes |
| Nature of alleged offenses | Yes |
| Date and location of offenses | Yes |
| Criminal classification | Yes |
| Court decisions | Yes |
| Links to other filed individuals | Yes |
Who Can Access the TAJ?
Access to the TAJ is normally strictly controlled:
Direct access:
- National Police and Gendarmerie (judicial investigations)
- Magistrates (prosecutors, judges)
Access for administrative investigations:
- Prefectures (certain sensitive positions)
- Prison administration
- Intelligence services
Employer access (indirect):
- For security professions
- For positions working with minors
- Via prefectural background checks
The Hack: What We Know
Alleged dark web sale: your judicial records at bargain prices.
The Revelation
The compromise of the TAJ was gradually revealed:
| Date | Event |
|---|---|
| 2024 | First alerts about unauthorized access |
| 2024 | Alleged sale of TAJ data on the dark web |
| 2024 | Investigation opened by specialized services |
The Alleged Method
Based on available information, the attack may have occurred via:
- Account hijacking of authorized agents
- Exploitation of vulnerabilities in access systems
- Social engineering targeting authorized personnel
- Potential insider complicity
"Access to the TAJ is supposed to be strictly controlled, but verification and audit capabilities are insufficient. Thousands of agents access it daily."
— Source close to the investigation
Scale of the Breach
Precise information remains confidential, but what is feared:
- Extraction of several million records
- Data potentially covering several decades
- Information on suspects, convicted AND victims
- Identification photographs included
The Grave Consequences
Expunged records revealed, identifiable victims, national security compromised: a disaster.
1. For Filed Individuals (Suspects, Convicted)
Revelation of expunged records:
- Dismissed cases may resurface
- Amnestied convictions may be exposed
- The right to be forgotten is violated
Impact on professional life:
- Job loss if employer discovers records
- Inability to access certain professions
- Employment contract termination
Impact on personal life:
- Family breakdowns
- Social exclusion
- Potential blackmail
2. For Victims
This is the most troubling aspect: victims are also on file.
Risks for victims:
- Identification by their aggressors
- Possible retaliation (domestic violence, harassment)
- Revelation of past traumas
- Social stigmatization
"I was a victim of domestic violence 10 years ago. If my ex learns I'm in this file and where I live now, my life is in danger."
— Anonymous testimony
The case of sexual violence victims:
- Possible identification
- Blackmail risk
- Non-consensual revelation of traumatic events
3. For National Security
Compromised investigations:
- Suspects may learn they are being monitored
- Ongoing investigations may be sabotaged
- Informants may be identified
Risks for law enforcement:
- Identification of undercover agents
- Targeting of police officers by criminals
- Retaliation against investigators
Corruption risks:
- Blackmail of filed individuals in sensitive positions
- Manipulation of public officials with criminal records
- Compromise of decision-makers
4. For Institutional Trust
This breach demonstrates that the French State cannot protect its most sensitive files.
If the TAJ can be hacked, what about:
- Intelligence files (DGSI, DGSE)?
- Military databases?
- Medical records?
The Root Problem: A Flawed File
36% of French adults on file: too many people, for too long, with too many errors.
Too Many People Filed
The TAJ contains 19 million people. That is enormous:
| Statistic | Figure |
|---|---|
| French adult population | ~52 million |
| People in TAJ | ~19 million |
| Proportion | ~36% |
More than a third of French adults are reportedly on file. This includes:
- Individuals never convicted
- People filed for minor offenses
- Innocent people (errors, dismissed cases)
- Victims
Excessive Retention Periods
Data can be retained for very long periods:
| Category | Retention Period |
|---|---|
| Minor victims | 15 years |
| Adult victims | 15 years |
| Minors under investigation | 5 years (extendable to 10/20 years) |
| Adults under investigation | 20 years (extendable to 40 years) |
| Serious crimes | Up to 40 years |
Errors Difficult to Correct
Numerous reports from CNIL and the Defender of Rights have highlighted:
- People filed in error
- Information not updated after acquittal
- Kafkaesque deletion procedures
- Unjustified access refusals
"The right of access to the TAJ is an obstacle course. Many give up."
— Defender of Rights, 2023 Report
Your Rights Regarding the TAJ
Access via CNIL, possible deletion, but Kafkaesque procedures: your theoretical rights.
Indirect Right of Access
You cannot access the TAJ directly. You must go through the CNIL:
Procedure:
- Download the form from cnil.fr
- Attach a copy of your ID
- Send by mail to CNIL
- Wait for response (several months)
What you will receive:
- Confirmation of presence or absence in the file
- Nature of data if present
- Possibility to request correction/deletion
Right to Deletion
You can request deletion of your record in certain cases:
Deletion by right:
- Case dismissed
- Acquittal
- No further action
- Amnesty
Procedure:
- Request to the public prosecutor
- Variable timeline (often several months)
- Court appeal possible in case of refusal
Practical Difficulties
In reality, exercising these rights is complicated:
- Long and bureaucratic procedures
- Sometimes incomplete responses
- Frequent deletion refusals
- Need to follow up multiple times
How to Protect Yourself
CNIL access right, identity monitoring, documentation: minimize potential damage.
If You Think You Are in the TAJ
1. Exercise your right of access
- Submit the request via CNIL
- Keep all documents
2. Request deletion if eligible
- Case dismissed
- Acquittal
- Statute of limitations expired
3. Monitor for signs of exploitation
- Identity theft
- Suspicious contacts
- Blackmail
If You Are a Victim in the TAJ
This situation is particularly delicate:
1. Contact a victim assistance organization
- Legal aid
- Psychological support
2. Consider requesting deletion
- Even victims can request deletion
- Under certain conditions
3. Strengthen personal security
- Change address if necessary
- Use a registered address service
- Protect communications
General Measures
| Action | Priority |
|---|---|
| Identity monitoring | High |
| Bank fraud alert | High |
| Registered address if at risk | Depends on situation |
| Damage documentation | Important |
Accountability
Criminal complaint, civil action, CNIL, Defender of Rights: all your possible remedies.
Ministry of the Interior
The TAJ is managed by the Ministry of the Interior. Its responsibility is engaged:
- Obligation to secure data
- Obligation to notify in case of breach
- Liability in case of harm
Available Remedies
Criminal complaint:
- For personal data breach
- For endangering lives (victims)
Civil action:
- Claim for damages
- Before the administrative court (against the State)
Filing with CNIL:
- For GDPR violation
- For security failure
Filing with the Defender of Rights:
- For administrative dysfunction
- For fundamental rights violations
FAQ
How do I know if I am in the TAJ file?
You must exercise your indirect right of access via CNIL. Send the form available at cnil.fr with a copy of your ID. The response may take several months.
Can I request deletion of my TAJ record?
Yes, in certain cases: case dismissed, acquittal, no further action, amnesty. The request is made to the public prosecutor of the court where the case was tried or dismissed.
I am a victim, why am I on file?
The TAJ also records crime victims, particularly for investigation and judicial follow-up purposes. This is a problematic situation that regularly draws criticism.
Can this hack harm me professionally?
Potentially yes. If information about you circulates, a current or future employer could access it indirectly. This is particularly concerning for people with minor records or dismissed cases.
Will the State compensate victims of this leak?
No automatic compensation procedure is planned. You can file a liability action against the State before the administrative court if you can demonstrate harm.
What do the hackers face?
Unauthorized access to an automated data processing system is punishable by 2 years in prison and EUR60,000 in fines. Disclosure of sensitive data increases penalties. If endangerment is established, sanctions can be much heavier.
Conclusion: The State Guarantees... Nothing
The hacking of the TAJ file reveals a troubling truth: the French State is unable to protect its most sensitive files.
Key takeaways:
- 19 million people are filed in the TAJ
- Victims and suspects are all affected
- The consequences of a leak are potentially devastating
- The State lacks the means to secure this data
- Your rights exist but are difficult to exercise
This case fits into a broader context of French digital vulnerability. Social services, France Travail, hospitals, police files... no sector is spared.
Related Articles — Cybersecurity & Data Protection
- Telecom Operators Hacked: SFR, Free, Orange
- Protect Your Personal Data: France Guide
- France Travail Hacked: 43 Million Records Stolen
- Viamedis Almerys Health Insurance Hack
- Hospital Cyberattacks in France: Ransomware
Sources
- CNIL — The TAJ file
- Defender of Rights — Reports on police files
- Le Monde — Police files: millions of French citizens on file
- Numerama — Cyberattacks against French institutions
- French Code of Criminal Procedure (articles on the TAJ)
- Parliamentary reports on police files