Dutch Police Data Exposure After Mistakenly Sharing Confidential Files With a Civilian
Dutch police arrested a 40-year-old man from Ridderkerk after he obtained confidential police documents due to a police error and then allegedly attempted to leverage possession of the files for something in return. According to police, the man was taken into custody on Thursday evening, his home was searched, and data storage devices were seized to recover the documents and prevent further dissemination; authorities also reported the incident as a data breach and said the investigation is ongoing.
Reporting indicates the incident began when the man contacted police in connection with a separate matter and was sent a link intended for uploading images; instead, an officer mistakenly sent a download link, granting access to sensitive materials the recipient was not meant to see. While the man reportedly did not exploit a technical vulnerability or “break in” in a traditional sense, police said he was instructed to stop and delete the material and refused unless he “received something in return,” prompting the arrest and evidence seizure to contain the exposure.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Police report the exposure as a data breach and open an investigation
Following the incident, Dutch police formally reported the mistaken disclosure as a data breach and began investigating both the disclosure and the suspect's conduct. Authorities said the man was being investigated on suspicion of computer trespass/unauthorized access under Dutch law.
Dutch police arrest suspect and seize devices after failed extortion attempt
On Thursday evening, police arrested the 40-year-old man in Ridderkerk, searched his home, and seized data storage devices to recover the confidential files and prevent their dissemination. Authorities said they had no indication the documents were shared further.
Police order recipient to stop downloading and delete the files
After discovering the error, Dutch police instructed the man not to access the documents further and to delete any files he had obtained. Authorities later said he refused to comply and asked for "something in return," which they treated as attempted extortion.
Police mistakenly send confidential-file download link to Ridderkerk man
On 2026-02-12, a man contacted Dutch police about images relevant to an investigation, but an officer accidentally sent him a download link to confidential police documents instead of a secure upload link. The mistaken access exposed sensitive law enforcement files to the recipient.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
7 references tracked. Mallory keeps watching after this page renders.
Dutch police arrest man for "hacking" after accidentally sending him confidential files
bitdefender.com
Open sourceDutch man arrested for attempting to extort police after accidental data leak | SC Media
scworld.com
Open sourceDutch police arrest man who refused to delete confidential files shared by mistake | The Record from Recorded Future News
therecord.media
Open sourceHe tried to extort the Dutch police. It didn’t work out well for him. - DataBreaches.Net
databreaches.net
Open sourceMan aangehouden voor computervredebreuk na vergissing politie | politie.nl
politie.nl
Open sourceDutch cops arrest man after sending him confidential files • The Register
go.theregister.com
Open sourceMan arrested for demanding reward after accidental police data leak
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Dutch Police Data Theft via Compromised Email and M365 Cloud Security Gaps
Dutch police suffered a major data theft attributed to a **Russian cyber group** after attackers gained access via an employee’s **email account** and exfiltrated sensitive personnel information. Stolen data reportedly included the contact details of nearly all **~65,000 police officers**, along with profile photos and other personal data, triggering significant internal unrest and concern about officer safety and privacy. Investigative reporting indicates the organization had been **warned in advance** about security weaknesses relevant to the intrusion path. Documents obtained under the Netherlands’ Open Government/Woo framework describe an internal **November 2022 risk analysis** that raised concerns about the implementation and security of Microsoft’s **M365 cloud** (used for tools such as *Teams*), explicitly noting “inherent” cloud risks and that **state actors** would be highly motivated to access the environment. Following the 2024 theft, police reportedly stood up a heavy crisis response structure (the *Nationale Staf Grootschalig en Bijzonder Optreden*) to reduce immediate risk and implement additional security measures, while political and union voices characterized the incident as severe and questioned why earlier warnings were not acted upon.
Mar 21, 2026
Dutch Police Link Officer Data Breach to State Actor Amid Cybercrime Crackdown
Dutch police said a recent breach exposing personal data of officers was likely carried out by a **state actor**, reviving concerns first raised in an earlier case in which authorities suspected a foreign government was behind the theft of Dutch police personnel data. Reporting indicates the compromised information involved police employee details, and officials treated the intrusion as a serious national-security matter because of the potential risks to officers and ongoing investigations. Separately, Dutch police announced they had dismantled a major cybercriminal forum in an international operation, underscoring a broader push against both espionage-linked intrusions and financially motivated cybercrime. The takedown was presented as a coordinated global law-enforcement action against a prominent criminal platform, while the data-breach investigation highlighted the parallel threat posed by hostile states targeting sensitive law-enforcement information.
May 25, 2026
Dutch Organizations Report Data Breaches and Extended Unauthorized Access
Dutch authorities reported a prolonged compromise at the Dutch prisons agency **DJI**, where attackers reportedly maintained access for at least **five months**. Exposed information included staff **email addresses, phone numbers, and security certificates**, and the Dutch NCSC indicated the intruders also accessed **phones, tablets, and laptops**, though the extent of data access on those endpoints was not confirmed; DJI did not confirm whether access had been fully removed. Separately, Dutch telecom **Odido** disclosed a **data breach followed by an extortion attempt**, after which attackers publicly released about **1M records** (including **317k unique email addresses**) and threatened additional leaks. The published data reportedly included **names, physical addresses, phone numbers, bank account numbers**, and customer-service notes; Odido’s notice also warned that **dates of birth** and government ID numbers (passport/driver’s license) were impacted. A **Canadian Tire** breach entry describes a different incident in Canada (October 2025) involving ~**42M records** with PBKDF2-hashed passwords and some partial payment-card metadata, and is not part of the Netherlands-focused events above.
Mar 21, 2026