Dutch Police Data Exposure After Mistakenly Sharing Confidential Files With a Civilian
Dutch police arrested a 40-year-old man from Ridderkerk after he obtained confidential police documents due to a police error and then allegedly attempted to leverage possession of the files for something in return. According to police, the man was taken into custody on Thursday evening, his home was searched, and data storage devices were seized to recover the documents and prevent further dissemination; authorities also reported the incident as a data breach and said the investigation is ongoing.
Reporting indicates the incident began when the man contacted police in connection with a separate matter and was sent a link intended for uploading images; instead, an officer mistakenly sent a download link, granting access to sensitive materials the recipient was not meant to see. While the man reportedly did not exploit a technical vulnerability or “break in” in a traditional sense, police said he was instructed to stop and delete the material and refused unless he “received something in return,” prompting the arrest and evidence seizure to contain the exposure.
Related Entities
Sources
2 more from sources like register security and bleeping computer
Related Stories
Dutch Police Data Theft via Compromised Email and M365 Cloud Security Gaps
Dutch police suffered a major data theft attributed to a **Russian cyber group** after attackers gained access via an employee’s **email account** and exfiltrated sensitive personnel information. Stolen data reportedly included the contact details of nearly all **~65,000 police officers**, along with profile photos and other personal data, triggering significant internal unrest and concern about officer safety and privacy. Investigative reporting indicates the organization had been **warned in advance** about security weaknesses relevant to the intrusion path. Documents obtained under the Netherlands’ Open Government/Woo framework describe an internal **November 2022 risk analysis** that raised concerns about the implementation and security of Microsoft’s **M365 cloud** (used for tools such as *Teams*), explicitly noting “inherent” cloud risks and that **state actors** would be highly motivated to access the environment. Following the 2024 theft, police reportedly stood up a heavy crisis response structure (the *Nationale Staf Grootschalig en Bijzonder Optreden*) to reduce immediate risk and implement additional security measures, while political and union voices characterized the incident as severe and questioned why earlier warnings were not acted upon.
1 months ago
Dutch Organizations Report Data Breaches and Extended Unauthorized Access
Dutch authorities reported a prolonged compromise at the Dutch prisons agency **DJI**, where attackers reportedly maintained access for at least **five months**. Exposed information included staff **email addresses, phone numbers, and security certificates**, and the Dutch NCSC indicated the intruders also accessed **phones, tablets, and laptops**, though the extent of data access on those endpoints was not confirmed; DJI did not confirm whether access had been fully removed. Separately, Dutch telecom **Odido** disclosed a **data breach followed by an extortion attempt**, after which attackers publicly released about **1M records** (including **317k unique email addresses**) and threatened additional leaks. The published data reportedly included **names, physical addresses, phone numbers, bank account numbers**, and customer-service notes; Odido’s notice also warned that **dates of birth** and government ID numbers (passport/driver’s license) were impacted. A **Canadian Tire** breach entry describes a different incident in Canada (October 2025) involving ~**42M records** with PBKDF2-hashed passwords and some partial payment-card metadata, and is not part of the Netherlands-focused events above.
2 weeks agoMassive Data Exposure via Misconfigured Elasticsearch Server Containing 6 Billion Records
A misconfigured Elasticsearch server, believed to be operated from Russia or a Russian-speaking country, was discovered leaking over 6.19 billion records to the public internet without any authentication or password protection. The exposed server contained a massive trove of 1.12 terabytes of data, including records collected from both disclosed and undisclosed data breaches, as well as information obtained through website scraping. Among the most sensitive data found were records from Ukrainian bank Accordbank, which included users’ full names, birthdates, birthplaces, addresses, phone numbers, national ID numbers, passport numbers, and tax codes. Independent cybersecurity researcher Anurag Sen was the first to identify the exposed server and report its existence to the media. The server’s index information confirmed the scale of the exposure, with over 6.19 billion records available for anyone to access. Screenshots from the server revealed that the data was stored in JSON format and included detailed personally identifiable information (PII) from various sources. The database also contained files referencing Accordbank, which were later observed being peddled by the user "tRex_Prime" on DarkForums, indicating that the data may have already been accessed and distributed by other threat actors. The leak included not only banking and contact information but also records from other breaches and data scraped from websites, making the exposure particularly broad and damaging. The server was eventually taken offline, but it remains unclear how long the data was accessible or how many unauthorized parties may have downloaded the information. Previous incidents involving hacking groups such as ShinyHunters and Nemesis were also mentioned, as they had leaked stolen data and hacking tools from other exposed cloud storage resources in the past. The incident highlights the ongoing risks associated with misconfigured cloud infrastructure and the potential for large-scale data aggregation to amplify the impact of breaches. Security experts warn that such exposed databases are prime targets for cybercriminals seeking to exploit PII for identity theft, fraud, and further attacks. The presence of both old and new breach data, as well as scraped information, demonstrates the evolving tactics of threat actors in collecting and monetizing sensitive information. Organizations are urged to regularly audit their cloud configurations and monitor for unauthorized data exposures to prevent similar incidents. The scale and sensitivity of the leaked data underscore the urgent need for improved security practices in managing large datasets, especially those containing PII from multiple sources. The incident serves as a stark reminder of the consequences of failing to secure cloud-based data storage and the far-reaching impact such exposures can have on individuals and organizations worldwide.
5 months ago