Dutch Government Agencies Hit by Major Data Breach via Ivanti Software Flaw
A critical vulnerability in Ivanti Endpoint Manager Mobile software has led to a significant data breach affecting multiple Dutch government agencies, including the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) and the Council for Justice. Unauthorized parties exploited the flaw to access employees’ personal information, including names, email addresses, and phone numbers.
The breach underscores the risks posed by third-party software vulnerabilities in high-security environments. While the full scope of the incident remains under investigation, the exposure of sensitive employee data raises concerns about potential follow-on attacks, such as phishing or identity fraud.
The incident was reported by DataBreaches.net, which clarified that it does not engage in paid interviews or data purchases a rebuttal to claims suggesting otherwise. The breach follows a separate ransomware attack disclosed earlier, which compromised 377,000 individuals’ Social Security and driver’s license numbers from a Texas gas station and convenience store chain.
Dutch authorities are likely assessing the fallout, including compliance with GDPR and internal security protocols. The breach serves as a reminder of the cascading impact of software vulnerabilities in critical infrastructure.
Source: https://databreaches.net/2026/02/07/several-dutch-agencies-suffer-major-data-breach/
Ivanti cybersecurity rating report: https://www.rankiteo.com/company/ivanti
Autoriteit Persoonsgegevens (AP) | Dutch DPA cybersecurity rating report: https://www.rankiteo.com/company/autoriteitpersoonsgegevens
"id": "IVAAUT1770515557",
"linkid": "ivanti, autoriteitpersoonsgegevens",
"type": "Vulnerability",
"date": "1/2026",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Regulatory/Government',
'location': 'Netherlands',
'name': 'Dutch Data Protection Authority (Autoriteit '
'Persoonsgegevens, AP)',
'type': 'Government Agency'},
{'industry': 'Regulatory/Government',
'location': 'Netherlands',
'name': 'Council for Justice',
'type': 'Government Agency'}],
'attack_vector': 'Exploitation of software vulnerability',
'data_breach': {'personally_identifiable_information': 'Names, email '
'addresses, phone '
'numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Information'},
'description': 'A critical vulnerability in Ivanti Endpoint Manager Mobile '
'software has led to a significant data breach affecting '
'multiple Dutch government agencies, including the Dutch Data '
'Protection Authority (Autoriteit Persoonsgegevens, AP) and '
'the Council for Justice. Unauthorized parties exploited the '
'flaw to access employees’ personal information, including '
'names, email addresses, and phone numbers. The breach '
'underscores the risks posed by third-party software '
'vulnerabilities in high-security environments.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Names, email addresses, phone numbers',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential GDPR violations',
'systems_affected': 'Ivanti Endpoint Manager Mobile'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Risks posed by third-party software vulnerabilities in '
'high-security environments; potential for follow-on '
'attacks like phishing or identity fraud.',
'post_incident_analysis': {'root_causes': 'Exploitation of Ivanti Endpoint '
'Manager Mobile vulnerability'},
'references': [{'source': 'DataBreaches.net'}],
'regulatory_compliance': {'regulations_violated': ['GDPR']},
'title': 'Dutch Government Agencies Hit by Major Data Breach via Ivanti '
'Software Flaw',
'type': 'Data Breach',
'vulnerability_exploited': 'Ivanti Endpoint Manager Mobile flaw'}