Dutch Ministry of Finance discloses breach affecting workers

The Dutch Ministry of Finance confirmed on Monday that a few of its programs had been breached in a cyberattack detected final week.

Officers stated the ministry was notified by a 3rd get together of the breach on March 19, and it is nonetheless investigating the cyberattack. An ongoing investigation discovered that the incident impacts some workers.

“The Ministry of Finance’s ICT security detected unauthorized entry to programs for quite a lot of main processes inside the coverage division on Thursday, March 19,” an official assertion revealed.

“Following the alert, an instantaneous investigation was launched, and entry to those programs has been blocked as of at the moment. This impacts the work of a portion of the workers.”

The ministry added that the cyberattack didn’t impression programs used to handle tax assortment, import/export rules, and income-linked subsidies, which deal with over 9.5 million tax returns yearly for revenue tax alone.

“Companies to residents and companies offered by the Tax and Customs Administration, Customs, and Advantages haven’t been affected. We are going to replace this message once we can share extra data.”

Though the ministry stated the breach affected a few of its workers, it did not disclose what number of had been affected or whether or not the attackers stole any delicate information. Additionally, no cybercrime group or menace actors have taken duty for the assault.

BleepingComputer reached out to a Ministry of Finance spokesperson with questions concerning the incident, together with the whole variety of impacted workers and the way lengthy the attackers had entry to the compromised programs, however a response was not instantly accessible.

In September 2024, the Dutch nationwide police (Politie) was additionally breached in a cyberattack believed to be orchestrated by a “state actor” that stole work-related contact particulars of a number of cops.

Extra just lately, in February, Dutch authorities arrested a 40-year-old man for an extortion try after he downloaded confidential paperwork mistakenly shared by the police and refused to delete them except he obtained “one thing in return.”