• Home
  • cyber
  • Dutch municipality of Epe: Nearly all Epe residents affected by major data breach involving personal details
cyber Breach

Dutch municipality of Epe: Nearly all Epe residents affected by major data breach involving personal details

Mar 12, 2026 2 min read
Dutch municipality of Epe: Nearly all Epe residents affected by major data breach involving personal details

Massive Data Breach Exposes Personal Information of Nearly All Epe Residents

On March 12, the Dutch municipality of Epe suffered a severe data breach, resulting in the theft of sensitive information belonging to nearly all of its residents. An investigation revealed that attackers accessed approximately 552,000 files, including names, addresses, birth details, gender, and BSN (citizen service) numbers. For individuals who had interacted with municipal services, additional data such as contact details, bank account information, and copies of IDs may also have been compromised.

The municipality will notify all affected residents by letter, with those whose ID copies were stolen receiving separate communication. Impacted individuals will be eligible for free ID replacements. Authorities have not confirmed whether the attackers have made ransom demands or if the stolen data has been leaked.

The breach was executed using the ClickFix technique, where victims were tricked into clicking a malicious link disguised as a system error, granting hackers access to municipal systems. While DigiD login credentials used for Dutch government services were not exposed (as they are not stored by the municipality), officials warn of potential risks, including identity theft and phishing attempts.

Epe has reported the incident to Dutch police and the Dutch Data Protection Authority (AP). In response, the municipality has reset staff passwords and implemented additional security measures. Cybersecurity experts, alongside law enforcement, are monitoring for any public release of the stolen data. No further details on attacker communication have been disclosed.

Source: https://nltimes.nl/2026/04/23/nearly-epe-residents-affected-major-data-breach-involving-personal-details

Dutchess County Government cybersecurity rating report: https://www.rankiteo.com/company/dutchess-county-government

"id": "DUT1776969214",
"linkid": "dutchess-county-government",
"type": "Breach",
"date": "3/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Nearly all residents (estimated '
                                              '~50,000+)',
                        'industry': 'Public Sector',
                        'location': 'Epe, Netherlands',
                        'name': 'Municipality of Epe',
                        'type': 'Government'}],
 'attack_vector': 'Phishing (ClickFix technique)',
 'customer_advisories': 'Affected residents will receive notification letters; '
                        'free ID replacements offered for those with ID copies '
                        'stolen',
 'data_breach': {'number_of_records_exposed': '552,000 files',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Birth details',
                                                         'Gender',
                                                         'BSN (citizen '
                                                         'service) numbers',
                                                         'Contact details'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Identifiable '
                                              'Information (PII)',
                                              'Bank account information',
                                              'Copies of IDs']},
 'date_detected': '2024-03-12',
 'description': 'On March 12, the Dutch municipality of Epe suffered a severe '
                'data breach, resulting in the theft of sensitive information '
                'belonging to nearly all of its residents. Attackers accessed '
                'approximately 552,000 files, including names, addresses, '
                'birth details, gender, and BSN (citizen service) numbers. For '
                'individuals who had interacted with municipal services, '
                'additional data such as contact details, bank account '
                'information, and copies of IDs may also have been '
                'compromised. The breach was executed using the ClickFix '
                'technique, where victims were tricked into clicking a '
                'malicious link disguised as a system error, granting hackers '
                'access to municipal systems.',
 'impact': {'brand_reputation_impact': 'Potential identity theft and phishing '
                                       'risks',
            'data_compromised': '552,000 files',
            'identity_theft_risk': 'High',
            'operational_impact': 'Password resets and additional security '
                                  'measures implemented',
            'payment_information_risk': 'High (bank account information '
                                        'exposed)',
            'systems_affected': 'Municipal systems'},
 'initial_access_broker': {'entry_point': 'Malicious link (ClickFix '
                                          'technique)'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'corrective_actions': 'Password resets, additional '
                                                  'security measures, '
                                                  'monitoring for data leaks',
                            'root_causes': 'Social engineering (ClickFix '
                                           'phishing attack)'},
 'references': [{'source': 'Cyber incident report'}],
 'regulatory_compliance': {'regulatory_notifications': ['Dutch Data Protection '
                                                        'Authority (AP)']},
 'response': {'communication_strategy': 'Notification letters to affected '
                                        'residents, separate communication for '
                                        'those with ID copies stolen',
              'containment_measures': 'Password resets, additional security '
                                      'measures',
              'enhanced_monitoring': 'Monitoring for public release of stolen '
                                     'data',
              'law_enforcement_notified': 'Dutch police',
              'third_party_assistance': 'Cybersecurity experts'},
 'title': 'Massive Data Breach Exposes Personal Information of Nearly All Epe '
          'Residents',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Social engineering (malicious link disguised as '
                            'system error)'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.