Hackers breach Dutch privacy regulator, employee data compromised

The Dutch Data Protection Authority (DPA) has been involved in a security incident in which an unauthorized party accessed employee data.
The attackers exploited a known vulnerability in Ivanti Endpoint Manager Mobile (EPMM), a security software suite used to manage mobile devices, apps, and content.
According to Arno Rutte, Minister for Legal Protection, the work-related data of employees of the privacy and data protection regulator has been accessed by unauthorized persons, including names, business email addresses, and telephone numbers.
“As soon as the incident came to light, extra security measures were taken. In addition, the employees of the DPA were informed. The privacy supervisor has reported the incident to its data protection officer,” the Minister says in a letter addressed to the House of Representatives.
The National Cyber Security Centre (NCSC) has alerted Dutch organizations working with EPMM that they should assume their server has been compromised. Furthermore, the NCSC urges organizations to contact the government agency for additional information on how to act.
Last week, Ivanti released security updates for two vulnerabilities that are being actively exploited by hackers: CVE-2026-1281 and CVE-2026-1340. These vulnerabilities allow unauthenticated users to perform remote code execution (RCE) on unpatched servers, providing attackers with persistent access to the system and letting them steal data or gain control over it.
On a scale of 1 to 10, both vulnerabilities have been rated 9.8.
“The NCSC recommends organizations using Ivanti Endpoint Manager Mobile (EPMM) to implement the available updates as soon as possible. We would also like to connect with these organizations. The NCSC may be able to provide your organization with additional information and action plans,” the NCSC says in an updated security advisory.
Minister Rutte promises to keep the House of Representatives in the loop on the results of the investigation that’s currently being conducted.
Besides the privacy and data protection regulator, the Council for the Judiciary, which represents the interests of the courts in the Netherlands, was also hacked by attackers exploiting the vulnerabilities in Ivanti’s security software suite.
Other organizations may have also been affected by the vulnerabilities, a spokesperson of the Ministry of Justice and Security told Dutch news outlet De Volkskrant.