Mallory

Dutch Police Data Theft via Compromised Email and M365 Cloud Security Gaps

m365, data-theft, email, netherlands, microsoft, breach, open-government, police, privacy, contact-details, officer-safety, risk-analysis
Updated January 24, 2026 at 10:05 PM | 2 sources


Dutch police suffered a major data theft attributed to a Russian cyber group after attackers gained access via an employee’s email account and exfiltrated sensitive personnel information. Stolen data reportedly included the contact details of nearly all ~65,000 police officers, along with profile photos and other personal data, triggering significant internal unrest and concern about officer safety and privacy.

Investigative reporting indicates the organization had been warned in advance about security weaknesses relevant to the intrusion path. Documents obtained under the Netherlands’ Open Government/Woo framework describe an internal November 2022 risk analysis that raised concerns about the implementation and security of Microsoft’s M365 cloud (used for tools such as Teams), explicitly noting “inherent” cloud risks and that state actors would be highly motivated to access the environment. Following the 2024 theft, police reportedly stood up a heavy crisis response structure (the Nationale Staf Grootschalig en Bijzonder Optreden) to reduce immediate risk and implement additional security measures, while political and union voices characterized the incident as severe and questioned why earlier warnings were not acted upon.


Related Stories

Dutch Police Data Exposure After Mistakenly Sharing Confidential Files With a Civilian


Dutch police arrested a **40-year-old man from Ridderkerk** after he obtained **confidential police documents** due to a police error and then allegedly attempted to leverage possession of the files for something in return. According to police, the man was taken into custody on Thursday evening, his home was searched, and data storage devices were seized to recover the documents and prevent further dissemination; authorities also reported the incident as a **data breach** and said the investigation is ongoing. Reporting indicates the incident began when the man contacted police in connection with a separate matter and was sent a link intended for **uploading** images; instead, an officer mistakenly sent a **download link**, granting access to sensitive materials the recipient was not meant to see. While the man reportedly did not exploit a technical vulnerability or “break in” in a traditional sense, police said he was instructed to stop and delete the material and refused unless he “received something in return,” prompting the arrest and evidence seizure to contain the exposure.

4 weeks ago
Dutch Organizations Report Data Breaches and Extended Unauthorized Access


Dutch authorities reported a prolonged compromise at the Dutch prisons agency **DJI**, where attackers reportedly maintained access for at least **five months**. Exposed information included staff **email addresses, phone numbers, and security certificates**, and the Dutch NCSC indicated the intruders also accessed **phones, tablets, and laptops**, though the extent of data access on those endpoints was not confirmed; DJI did not confirm whether access had been fully removed. Separately, Dutch telecom **Odido** disclosed a **data breach followed by an extortion attempt**, after which attackers publicly released about **1M records** (including **317k unique email addresses**) and threatened additional leaks. The published data reportedly included **names, physical addresses, phone numbers, bank account numbers**, and customer-service notes; Odido’s notice also warned that **dates of birth** and government ID numbers (passport/driver’s license) were impacted. A **Canadian Tire** breach entry describes a different incident in Canada (October 2025) involving ~**42M records** with PBKDF2-hashed passwords and some partial payment-card metadata, and is not part of the Netherlands-focused events above.

2 weeks ago
European Institutions Breached via Ivanti Endpoint Manager Mobile Vulnerabilities


The **European Commission** disclosed it is investigating a breach after detecting traces of an attack against its central **mobile device management (MDM)** infrastructure used to administer staff mobile devices. The Commission said the incident was contained and the system cleaned within **nine hours**, and it has not found evidence that managed mobile devices themselves were compromised; however, attackers may have accessed limited staff personal data such as **names and mobile phone numbers**. The activity appears consistent with a broader set of intrusions affecting European public-sector bodies tied to vulnerabilities in **Ivanti Endpoint Manager Mobile (EPMM)**. Dutch authorities reported that the **Dutch Data Protection Authority** and the **Council for the Judiciary/Justice** experienced nearly identical breaches in which unauthorized parties exploited an Ivanti EPMM software flaw to access employee data, including **names, email addresses, and phone numbers**, suggesting a shared exploitation vector across multiple European institutions’ MDM deployments.

1 month ago
