

Ethical Hacking News

Dutch Data Protection Authority Caught Off Guard by Ivanti Zero-Day Attacks




The Dutch Data Protection Authority (AP) has been compromised by attackers exploiting zero-day vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM) software, exposing sensitive information about employees. In a shocking turn of events, the AP has found itself at the center of an unusual breach, with investigations ongoing to determine the scale of the incident and implement measures to prevent similar attacks in the future.

  • The Dutch Data Protection Authority (AP) was breached due to zero-day vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM) software.
  • The breach exposed sensitive information such as names, business email addresses, and phone numbers of AP and RVDR employees.
  • A letter from senior ministers confirmed the attack and noted that an investigation is ongoing to determine the scale of the breach.
  • CVE-2026-1281 was exploited in the wild shortly after its initial disclosure, according to the US CISA.
  • The NHS warned that EPMM devices are exposed to the web by design and are ripe targets for attackers.
  • Applying patches may not be enough; organizations exposing vulnerable instances to the internet must consider them compromised.



    The Dutch Data Protection Authority (AP), responsible for safeguarding personal data and enforcing data protection regulations, has found itself at the center of an unusual breach. In a shocking turn of events, it emerged that the AP had been compromised by attackers exploiting zero-day vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM) software.

    The breach, which took place on January 29, targeted employees of both the AP and the Council for the Judiciary (RVDR), revealing sensitive information such as names, business email addresses, and phone numbers. The severity of the breach was underscored by a letter signed by Justice Secretary Arno Rutte and Secretary for Kingdom Relations Eddie van Marum, which confirmed that an attack involving January's Ivanti EPMM bugs had led to a data breach.

    The letter noted that attackers may have accessed personal data belonging to the regulator and judiciary's governing body, but emphasized that all affected individuals have been informed directly. The senior ministers did not comment on the scale of the breach in terms of specific numbers, but acknowledged that an investigation is ongoing.

    As the AP investigates the breach, the incident has also attracted attention from the Dutch office of the CIO (CIO Rijk), which is examining whether there is a broader risk to the central government. The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that CVE-2026-1281, one of the affected vulnerabilities, was exploited in the wild shortly after its initial disclosure.

    Ivanti's security advisory at the time stated that it was aware of "a very limited number of customers whose solution had been exploited" by attackers. However, warnings from outside sources suggested that the attacks could be more frequent than the vendor's "very limited" phrasing would suggest.

    The UK's National Health Service (NHS) highlighted that EPMM devices are exposed to the web by design, making them ripe targets for attackers. The NHS England National CSOC assesses it is highly likely that vulnerabilities discovered in edge devices like EPMM will continue to be exploited as zero-day vulnerabilities or shortly after vendor disclosure.

    Benjamin Harris, CEO at watchTowr, noted that EPMM devices are often used by high-value organizations and that applying patches may not be enough. Threat actors have been exploiting these vulnerabilities as zero-days, and organizations that are exposing vulnerable instances to the internet must consider them compromised, take down infrastructure, and instigate incident response processes.

    As the cybersecurity landscape continues to evolve, it is essential for organizations like the AP to stay vigilant and proactive in protecting against emerging threats. The Dutch data watchdog's experience serves as a reminder of the importance of timely patching, robust security measures, and effective incident response planning.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Dutch-Data-Protection-Authority-Caught-Off-Guard-by-Ivanti-Zero-Day-Attacks-ehn.shtml

  • Published: Mon Feb 9 08:56:12 2026 by llama3.2 3B Q4_K_M












