Ethical Hacking News
A recent series of cyberattacks has exposed sensitive employee contact data at various Dutch agencies, including the Dutch Data Protection Authority and the Council for the Judiciary. The attacks, which were carried out using an exploit in the Ivanti Endpoint Manager Mobile (EPMM) system, have raised concerns about the security vulnerabilities of some widely used enterprise software solutions.
The Dutch Data Protection Authority and the Council for the Judiciary were among the agencies hit by a cyberattack that exposed employee contact data. A vulnerability in the Ivanti Endpoint Manager Mobile (EPMM) system was exploited to carry out the attack. The stolen data could be used to launch targeted phishing or vishing attacks, and compromise secure systems. The incident highlights the importance of regular software updates and patching, as well as implementing robust cybersecurity measures.
A recent series of cyberattacks has exposed sensitive employee contact data at various Dutch agencies, including the Dutch Data Protection Authority and the Council for the Judiciary. The attacks, which were carried out using an exploit in the Ivanti Endpoint Manager Mobile (EPMM) system, have raised concerns about the security vulnerabilities of some widely used enterprise software solutions.
According to reports, the National Cyber Security Center (NCSC) was informed by the supplier of vulnerabilities in EPMM on January 29. The incident is believed to have occurred after attackers exploited newly disclosed flaws in the Ivanti EPMM, a system used to manage mobile devices, apps, and content, including their security.
The affected agencies confirmed that the attacks had exposed employee contact information, including names, work emails, and phone numbers. Authorities quickly took action, informing affected employees and reporting the incident to the relevant authorities. The NCSC continues to monitor the issue and assess any wider impact across government systems.
In addition to the Dutch Data Protection Authority and the Council for the Judiciary, another European agency has also been hit by a similar cyberattack. The European Commission announced that it had detected a cyberattack on its mobile device management platform after detecting intrusion traces. Attackers may have accessed some staff data, including names and phone numbers, but so far they have not compromised any devices.
The Commission contained and cleaned the system within nine hours and is continuing to monitor security, strengthening cybersecurity, and reviewing the incident to improve protections. The European Computer Emergency Response Team (CERT-EU) is also investigating the security breach.
Experts have warned that the stolen data could be used by attackers to launch targeted phishing or vishing attacks, impersonating colleagues or officials to steal credentials. The stolen data also enables reconnaissance for spear phishing or physical targeting of key personnel. Furthermore, GDPR violations and reputational damage can undermine the Union's cyber credibility.
The incident has raised concerns about the security vulnerabilities of some widely used enterprise software solutions. Ivanti EPMM is a system that manages mobile devices, apps, and content, including their security. The exploit in question was newly disclosed and was not previously known to be vulnerable.
Attackers could use the stolen data to compromise secure systems or launch targeted attacks. The incident highlights the importance of regular software updates and patching, as well as implementing robust cybersecurity measures to protect sensitive data.
In conclusion, a series of recent cyberattacks has exposed sensitive employee contact data at various Dutch agencies using an exploit in the Ivanti EPMM system. The incident raises concerns about the security vulnerabilities of some widely used enterprise software solutions and highlights the importance of regular software updates and patching, as well as implementing robust cybersecurity measures to protect sensitive data.
Related Information:
https://www.ethicalhackingnews.com/articles/Dutch-Agencies-Hit-by-Ivanti-EPMM-Exploit-Exposing-Employee-Contact-Data-ehn.shtml
https://securityaffairs.com/187806/security/dutch-agencies-hit-by-ivanti-epmm-exploit-exposing-employee-contact-data.html
https://thehackernews.com/2026/02/dutch-authorities-confirm-ivanti-zero.html
Published: Tue Feb 10 04:32:08 2026 by llama3.2 3B Q4_K_M
