CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Unauthorized access detected in Dutch Ministry of Finance policy department systems

First reported
Last updated
1 unique sources, 2 articles

Summary

Hide ▲

The Dutch Ministry of Finance disclosed a cybersecurity incident involving unauthorized access to systems within its policy department, initially detected on March 19, 2026. On March 23, 2026, the ministry took several systems offline—including the treasury banking portal—for forensic investigation, disrupting access for approximately 1,600 public institutions. Core treasury functions retained full access to funds, and payments continued via regular banking channels. The breach affected some employees but did not impact core financial operations such as tax collection or benefits administration. The investigation, supported by the National Cyber Security Center (NCSC), external forensic experts, and Dutch authorities, remains ongoing. No threat actor has claimed responsibility, and no confirmation of data exfiltration has been provided.

Timeline

  1. 24.03.2026 14:03 2 articles · 7d ago

    Unauthorized access detected in Ministry of Finance policy department systems

    On March 19, 2026, the Dutch Ministry of Finance detected unauthorized access to systems supporting primary processes in its policy department. The intrusion was identified via ICT security alerts and a third-party notification. Access to compromised systems was immediately blocked. Core financial operations—including tax collection and benefits administration—remained unaffected. An active investigation is underway, with no attribution or evidence of data exfiltration confirmed. Subsequent actions taken on March 23, 2026, included temporarily taking offline several systems, including the treasury banking portal, to support forensic investigation. This disruption affected approximately 1,600 public institutions, which were unable to view treasury account balances or use portal functions for loans, deposits, or credit applications. Core treasury funds remained accessible, and payments continued via regular banking channels. The ministry notified the Dutch Data Protection Authority (AP) and the national police's High Tech Crime Team, with support from the National Cyber Security Center (NCSC) and external forensic experts. No threat actor has claimed responsibility, and no evidence of data exfiltration has been confirmed.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Dutch National Police phishing incident leads to limited breach with ongoing investigation

The Dutch National Police (Politie) confirmed a phishing attack resulted in a limited security breach, with attackers' access blocked shortly after detection by the Security Operations Center. The incident did not expose or access citizens' data or investigative information, and a criminal investigation has been launched. The timing of detection and potential exposure of employees' data remain undisclosed. This follows a prior 2024 breach attributed to a state actor, which stole work-related and private contact information for police officers. Enhanced security measures, including two-factor authentication and continuous monitoring, were implemented post-2024 but did not prevent the recent phishing incident.

Open in new tab

FinWise insider breach exposes 689K American First Finance customers' data

A former employee of FinWise Bank accessed sensitive customer files after the end of their employment, impacting 689,000 American First Finance (AFF) customers. The breach, which occurred on May 31, 2024, involved personal data, including full names, and went undetected for over a year. FinWise has strengthened internal controls and is offering credit monitoring services to affected individuals. The breach was discovered on June 18, 2025, and was disclosed in September 2025. The incident has led to multiple class-action lawsuits alleging inadequate encryption and security measures. FinWise Bank partners with AFF to originate and fund loans. The breach was discovered and investigated with the help of external cybersecurity professionals. The exact methods of unauthorized access and the full extent of the exposed data remain undisclosed.

Open in new tab