Belgian State Security hit by data breach, employee data potentially exposed

Published: 23 June 2026
Last updated: 1 hour ago
hackers are doing their homework
Image by Cybernews

Between May 2025 and Spring 2026, the Belgian State Security was the victim of a cyberattack in which employee data may have been stolen.

Key takeaways:
  • Belgium's State Security service was reportedly breached through vulnerabilities in Ivanti Endpoint Manager Mobile software.
  • Attackers may have accessed employee names, phone numbers, email addresses, device identifiers and GPS location data.
  • The agency's internal intelligence network was not compromised, according to reports.
  • The attack is the latest in a series of cyber incidents linked to critical flaws in Ivanti products that have affected governments and major institutions across Europe.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.

According to the Belgian news outlet RTBF, the attackers managed to breach Ivanti Endpoint Manager Mobile (EPMM), a security software suite used to control access rights to mobile devices, apps, and content.

The news outlet spoke with anonymous sources familiar with the matter. They claim that hackers exploited flaws in Ivanti’s security software to access sensitive and personal information of employees of the Belgian intelligence service.

ADVERTISEMENT

Reportedly, the attackers exfiltrated data such as first and last names, phone numbers, email addresses, phone IDs, and GPS locations. However, the hackers never reached the intelligence agency's internal network, where confidential information is stored and exchanged.

As of writing, no ransomware extortion group has claimed responsibility for the attack on the Belgian State Security, although some news outlets have attributed the breach to UNC5221, a China-based, state-sponsored hacking group.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

In January 2026, Ivanti released security updates for 2 vulnerabilities. These exploits allowed unauthenticated users to execute remote code (RCE) on unpatched servers, providing persistent access and enabling attackers to steal data or gain control of the system. On a scale of 1 to 10, both vulnerabilities were rated 9.8.

National cybersecurity agencies from multiple European Member States, including Belgium and the Netherlands, warned businesses and organizations working with Ivanti EPMM that they should assume their servers had been compromised and recommended that they immediately install the patches released by Ivanti.

The vulnerabilities in Ivanti’s security software also affected organizations, including the European Commission and the Dutch data protection authority (DPA).

This isn’t the first time that Belgium’s State Security has been targeted by hackers. Between February 2021 and May 2023, members of the Chinese hacking group gained access to a portion of the intelligence service’s external email server due to a vulnerability in Barracuda’s security software.

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Nadella scoffs at AI giants as Microsoft may host China’s DeepSeek
Cruel cyber training in Canada: testing if exhausted employees would fall for a 'day off' scam
Cloudflare gives AI agents temporary accounts to deploy websites without human logins
Developers giving attackers a free ride after hundreds of iPhone AI apps found exposing credentials
This tiny European country is pioneering digital ID for AI agents
Canadian lender TD tells some employees it will use software to monitor their work
ADVERTISEMENT