The Dutch Ministry of Finance has taken some of its systems offline, including the treasury bank’s digital portal, while investigating a cyberattack discovered two weeks ago.
When disclosing the incident last week, the Ministry said the March 19 security breach did not affect systems used to manage tax collection, revenue-related subsidies, and import/export regulations for citizens and businesses.
Although the breach affected some of its employees, it did not disclose how many were affected or whether the attackers stole any sensitive data from the compromised systems. Also, no threat actor or cyber crime group has claimed responsibility for the attack.
In a statement sent to the Dutch House of Representatives on Monday, the Minister of Finance Eelco Heinen said that the Ministry closed some programs for security reasons on March 23, directly affecting hundreds of Dutch public institutions, including ministries, government agencies, educational organizations, social funds, and local governments.
“Due to the ongoing forensic investigation and security reasons, several systems have been temporarily removed from the Internet, including the digital portal of Treasury Banking. As a result, approximately 1,600 public institutions that manage funds and the Ministry of Finance are currently unable to view the balance of their treasury accounts online,” said Heinen.
“Furthermore, participants are temporarily unable to use the portal to apply for loans, deposits, or credit, change the intraday limit, or generate reports,” he added. “It is important to note that participants maintain full access to their funds in the Treasury and that incoming and outgoing payments continue as usual through normal banking channels. Where necessary, minimum service levels will be maintained manually to ensure that essential processes can continue to operate.”
The incident is currently being investigated with the help of the Dutch National Cyber Security Center (NCSC) and external forensic experts. The minister notified the Dutch Data Protection Authority (AP) of the breach and filed a report with the Dutch High Tech Crime Team of the national police.
The Dutch Finance Minister could not give a clear time frame for when the investigation would be completed or when the disruption to the ongoing programs would be resolved.
The country’s National Police Corps was also breached in September 2024 by a government-backed threat actor, who stole the work-related contact information of an undisclosed number of police officers.
Most recently, in February, Dutch authorities arrested a 40-year-old man who asked for “something” to delete confidential documents that the police accidentally shared.
Automatic logging proves that the path exists. BAS proves that your controls are stopping you. Many teams run without each other.
This white paper outlines six areas of validation, indicates where coverage ends, and provides clinicians with three diagnostic questions for any screening tool.
