The Dutch Ministry of Finance confirmed on Monday that some of its systems were breached in a cyberattack detected last week.
Officials said the ministry was notified by a third party of the breach on March 19, and it’s still investigating the cyberattack. An ongoing investigation found that the incident affects some employees.
“The Ministry of Finance’s ICT security detected unauthorized access to systems for a number of primary processes within the policy department on Thursday, March 19,” an official statement revealed.
“Following the alert, an immediate investigation was launched, and access to these systems has been blocked as of today. This affects the work of a portion of the employees.”
The ministry added that the cyberattack did not impact systems used to manage tax collection, import/export regulations, and income-linked subsidies, which handle over 9.5 million tax returns annually for income tax alone.
“Services to citizens and businesses provided by the Tax and Customs Administration, Customs, and Benefits have not been affected. We will update this message when we can share more information.”
Although the ministry said the breach affected some of its employees, it didn’t disclose how many were affected or whether the attackers stole any sensitive data. Also, no cybercrime group or threat actors have taken responsibility for the attack.
A Ministry of Finance spokesperson told they couldn’t provide more information due to the ongoing investigation when we reached out with additional questions about the incident, including the total number of affected employees and how long the attackers had access to the compromised systems.
In September 2024, the Dutch national police (Politie) was also breached in a cyberattack believed to be orchestrated by a “state actor” that stole work-related contact details of multiple police officers.
More recently, in February, Dutch authorities arrested a 40-year-old man for an extortion attempt after he downloaded confidential documents mistakenly shared by the police and refused to delete them unless he received “something in return.”
Update March 24, 10:03 EDT: Added statement from Dutch Ministry of Finance.
.ia_ad {
background-color: #f0f6ff;
width: 95%;
max-width: 800px;
margin: 15px auto;
border-radius: 8px;
border: 1px solid #d6ddee;
display: flex;
align-items: stretch;
padding: 0;
overflow: hidden;
}
.ia_lef {
flex: 1;
max-width: 200px;
height: auto;
display: flex;
align-items: stretch;
}
.ia_lef a {
display: flex;
width: 100%;
height: 100%;
}
.ia_lef a img {
width: 100%;
height: 100%;
border-radius: 8px 0 0 8px;
margin: 0;
display: block;
}
.ia_rig {
flex: 2;
padding: 10px;
display: flex;
flex-direction: column;
justify-content: center;
}
.ia_rig h2 {
font-size: 17px !important;
font-weight: 700;
color: #333;
line-height: 1.4;
font-family: Georgia, “Times New Roman”, Times, serif;
margin: 0 0 14px 0;
}
.ia_rig p {
font-weight: bold;
font-size: 14px;
margin: 0 0 clamp(6px, 2vw, 14px) 0;
}
.ia_button {
background-color: #FFF;
border: 1px solid #3b59aa;
color: black;
text-align: center;
text-decoration: none;
border-radius: 8px;
display: inline-block;
font-size: 16px;
font-weight: bold;
cursor: pointer;
padding: 10px 20px;
width: fit-content;
}
.ia_button a {
text-decoration: none;
color: inherit;
display: block;
}
@media (max-width: 600px) {
.ia_ad {
flex-direction: column;
align-items: center;
}
.ia_lef {
max-width: 100%;
}
.ia_lef a img {
border-radius: 8px 8px 0 0;
}
.ia_rig {
padding: 15px;
width: 100%;
}
.ia_button {
width: 100%;
margin: 0px auto;
}
}
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
Comments