
Intel Brief: Information of Dutch National Police Leaked By Possible State Actor, Latest Major Dutch Data Compromise


Date: 27/09/2024


Where

  • The Netherlands


Who’s involved:

  • The Dutch National Police Force

  • Various cyber threat actors

  • Millions of Dutch citizens





What happened?

  • Justice Minister David Van Weel announced on 27/9 that the contact details of the employees of all police departments had been leaked in an event that the department became aware of on the night of 26/9. 


  • On the night of 2/10, the Dutch intelligence services stated that it’s very likely the leak was the work of a state-backed threat actor.


  • This leak is only the latest in a string of compromised tranches of personally identifiable information (PII) belonging to millions of Dutch citizens.

    • On 24/8, over 9 million WhatsApp users with Dutch phone numbers had their data allegedly posted for sale. This was only hours after another leak of 6.2 million Dutch citizens’ data, including surnames, email addresses, date of birth, residence, gender identifiers, and phone numbers.

    • On 7/9, access data for 1300+ mailboxes and endpoint devices belonging to an unidentified Dutch governmental organization was allegedly sold on a criminal data marketplace.

    • On 10/9, the entire employee database (numbering 14,000+ entries) of a major Dutch technology manufacturer was allegedly leaked.

    • On 14/9, 300,000 landline phone numbers and addresses were allegedly stolen from a call center’s database.


Analysis

  • The National Police leak includes the records of roughly 62,000 Dutch police officers, the entire National Police Force. Even if this only contains names and email addresses, this is extremely valuable information for potentially more harmful phishing campaigns in the future.

    • Although the information is limited to official records (and not the personal contacts and information of individual employees) and lacks private or investigative data, it could still include mission-critical information in the case of specific departments or task forces.

    • As of 2/10, it was confirmed that a small amount of data did turn out to be private.

    • Included in the 2/10 update is confirmation that an address book that included the information of Prosecutors, Probation Officers, and Lawyers was taken.

    • Security experts suspect that the list could have come from a single employee with relatively low levels of access, based on the relatively “low” value of the information.

    • As of 2/10, the leaked data has not appeared on any of the most well-known criminal marketplaces or leaking sites. Delays like this could indicate that there is a ransom negotiation for the data taking place, or that the data has been exfiltrated for future use by a more sophisticated threat actor. This is consistent with the ministry’s assertion that it was likely a state-backed actor.


  • Data leaks involving sensitive information like police records not only expose individuals to phishing and fraud but also create security vulnerabilities for critical institutions. For the Dutch police, compromised data could lead to targeted attacks against officers, compromising personal safety and operational security.


  • Attackers can use leaked data for ransom demands or extortion, complicating recovery efforts and potentially leading to further data exposure if not managed correctly.


  • The Nebu data leak last year impacted over 2.5 million Dutch citizens, coming only months after the VodafoneZiggo Data Leak of 700,000 Dutch customers’ data.


Conclusion

The leak compromising 62,000 police officers' data demonstrates a critical and escalating issue in the Netherlands' digital security landscape. Beyond the immediate risks of targeted phishing and identity theft, it jeopardizes operational security and could expose officers to further threats. 


This incident is symptomatic of a broader vulnerability across Dutch institutions. With millions of citizens affected by similar breaches in recent years—including high-profile incidents like Nebu and VodafoneZiggo—it’s clear that Dutch data security is in a precarious state, despite enjoying some of the highest data security standards in Europe. Systemic reform, stronger defenses, and proactive monitoring are necessary to stem the tide of breaches and restore public confidence in the nation’s digital resilience.


Advice and Mitigation

  • If you suspect that you could have been impacted by any of these data breaches, be extremely careful about opening and responding to any remotely suspicious emails. Suspect any emails asking you to follow an external link or input information.

  • For most data breaches by non-state actors, you can check for free whether your data is included by searching for yourself on websites such as “haveibeenpwned.com”.

  • Suspicious links within emails can be safely scanned with most major email providers, but should be double-checked via open source resources such as “https://urlscan.io/”.

  • Always confirm the sender’s email address and the filetypes of any email attachments.

  • Phishing links can also be sent via text message or messenger program such as WhatsApp. They should be treated with the same level of scrutiny.
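
One way to automate the sender and attachment checks above for a saved message, as an added example that is not part of the original brief. The domains, the sample message, the `triage` helper and the extension list are constructed assumptions.

```python
import os
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed, non-exhaustive list of extensions that run code when opened.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".lnk", ".hta", ".bat", ".ps1", ".iso"}

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
From: "helpdesk@example.org" <alerts@example-support.test>
Reply-To: collect@mailbox.test
Subject: Roster update
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attachment.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="roster.pdf.exe"

AAAA
--b1--
"""

def domain_of(value):
    """Lowercased domain of the address in a header value, or ''."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def triage(raw, expected_domain):
    """Return findings for one raw message whose sender should be at expected_domain."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    display = parseaddr(str(msg["From"] or ""))[0]
    from_dom = domain_of(msg["From"])
    if from_dom != expected_domain:
        findings.append(f"From domain {from_dom!r} is not {expected_domain!r}")
    # A display name that is itself an address can hide the real sender in mail clients.
    if "@" in display and domain_of(display) != from_dom:
        findings.append(f"display name {display!r} imitates another address")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        stem, ext = os.path.splitext(name)
        if ext in RISKY_EXT:
            findings.append(f"attachment {name!r} has risky type {ext}")
        if os.path.splitext(stem)[1]:
            findings.append(f"attachment {name!r} has a double extension")
    return findings
```

Calling `triage(SAMPLE, "example.org")` returns one finding per failed check; an empty list means none of these specific checks fired, not that the message is safe.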



 
 


