My Tiny Feed

nos.nl

Dutch Police Data Breach: Cookie Theft Exposes 65,000 Employees

Hackers stole data from almost all 65,000 Dutch police employees by exploiting a browser cookie. The investigation points to a foreign entity, potentially Russia.

Read original article in Dutch

Dutch

Netherlands

NetherlandsInvestigationCybersecurityData SecurityCybercrimeCyberattackSecurity Breach

Dutch National PoliceAivdMivdMicrosoft

Stan Duijf

What information was stolen in the cyberattack?: The stolen cookie allowed the hackers to impersonate the police employee and access the Outlook address book, which contained names, email addresses, and sometimes phone numbers of nearly all police staff.
What is the impact of the hack on the Dutch police?: The impact on the police force and its employees is significant, and although the police believe their security measures were adequate, the incident highlights the vulnerability of IT systems to sophisticated cyberattacks.
What is known about the perpetrators of the cyberattack?: The police believe that the attackers, likely from another country (possibly Russia), exploited vulnerabilities in the software to steal the cookie and access the address book; they are currently investigating exactly how this occurred.
How did the hackers gain access to the Dutch police's data?: Hackers stole a browser cookie from a Dutch police employee, gaining access to a system and stealing the email address book containing almost all 65,000 employees' information.
What steps are being taken in response to this cyberattack?: The investigation involves the Dutch National Police, intelligence services AIVD and MIVD, and is focused on identifying the perpetrators, understanding their methods, and determining what further data might have been compromised.

Jan 17, 22:10

Netherlands Imposes Mandatory Security Screenings on Sensitive Technology Researchers

The Netherlands will conduct mandatory security screenings for all master's students and researchers in sensitive technology studies to counter espionage and theft of vital information by foreign powers, impacting thousands of students across Europe, following warnings of such activities from security services.

Jan 17, 22:10

DDoS Attacks Cripple Dutch Universities and DigiD System

Coordinated DDoS attacks disrupted Dutch universities connected to the SURFnet network and the government's DigiD login system, leading to a week-long shutdown at Eindhoven University of Technology and temporary outages elsewhere; investigations are ongoing.

Jan 15, 10:09

Cyberattack Disrupts Eindhoven University, Cancels Exams

A cyberattack on Eindhoven University of Technology (TU/e) starting on January 13, 2024, at 9 PM local time, forced the university to shut down its servers, canceling classes and exams for students due to compromised network access, with exams originally scheduled for January 20th postponed for a week.

Jan 15, 19:10

Dutch Government Cloud Services Risk Assessment Criticized

The Netherlands Court of Audit criticizes the Dutch government for insufficiently assessing risks associated with its use of cloud services, particularly those from US-based providers, exposing citizens' and businesses' data to potential breaches and disruptions.