Dutch Police discloses security breach after phishing attack

Dutch Police discloses security breach after phishing attack

The Dutch National Police (Politie) has announced a security breach caused by a phishing attack, which appears to have had a minimal effect and did not compromise citizens' data.

The agency confirmed that the situation is currently under review by its security specialists and that any unauthorized access to affected systems has been terminated.

"The police have been the target of a phishing attack. The police's Security Operations Center detected the incident very quickly and immediately blocked access," the police stated in a press release on Wednesday.

"The ongoing investigation suggests that the impact is limited. There has been no exposure or access to citizens' data or sensitive investigation information. A criminal investigation has also been initiated."

Details regarding the specific timing of the attack's detection and whether any personnel information was compromised have yet to be released. A representative from the police did not provide additional information for BleepingComputer when asked about the nature of the affected systems or any potential data theft affecting police personnel.

Previously, in September 2024, the Dutch police experienced a data breach linked to a cyberattack attributed to a "state actor," which resulted in the theft of work-related contact information belonging to various police officers. This included names, email addresses, phone numbers, and, in certain instances, personal data.

An ongoing follow-up investigation aims to ascertain the "nature, scope, and consequences of the data leak." The police have not yet assigned responsibility for this attack to any specific threat group or clarified the methodology employed.

In response to the latest incident, the police have enacted enhanced security protocols aimed at thwarting potential future breaches. These measures include continuous monitoring of all systems for suspicious activity and the more frequent requirement for officers to utilize two-factor authentication when accessing their accounts.

Furthermore, in February, Dutch authorities arrested a 40-year-old individual in connection with an extortion attempt involving confidential documents that were inadvertently shared by the Dutch police.