Cyberattack Investigation at Dutch Ministry of Finance
The Dutch Ministry of Finance has taken several systems offline, including the Treasury Banking Digital Portal, as a precaution while they investigate a cyberattack identified two weeks ago.
In their announcement last week, the ministry confirmed that the security breach that occurred on March 19 did not impact systems related to tax collection, income subsidies, or import and export regulations for citizens or businesses.
Some employees were affected by the breach, but the ministry hasn’t specified how many or whether sensitive data was compromised. Currently, no individual or group has claimed responsibility for the attack.
In a statement to the Dutch House of Commons, Finance Minister Eelko Heinen shared on Monday that on March 23, the Ministry of Finance had shut down critical systems, affecting hundreds of public institutions, including ministries, government agencies, educational organizations, social funds, and local governments.
“Due to ongoing forensic investigations and security precautions, various systems, including the Treasury Banking Digital Portal, have been temporarily deactivated. Consequently, around 1,600 public institutions holding funds at the Treasury cannot check their account balances online,” Heinen noted.
He added, “Participants will also be unable to apply for loans or change intraday limits, though they still have access to their funds, and normal incoming and outgoing payments will continue through regular banking channels. We will maintain essential processes with minimal manual service where necessary.”
The situation is under investigation with assistance from the Dutch National Cyber Security Center (NCSC) and external experts. The ministry has also notified the Dutch Data Protection Authority (AP) about the breach and reported it to the High Tech Crime Team of the Dutch National Police.
As of now, the finance minister has not provided a clear timeline for when the investigation will conclude or when the impacted systems might be restored.
In September 2024, the National Police Force was compromised by unidentified state-sponsored attackers who accessed work-related contact details for an undisclosed number of officers. Recently, in February, Dutch authorities apprehended a 40-year-old man regarding a request for a “quid pro quo” concerning the deletion of confidential documents incorrectly shared with police.
