Dutch police database hit by ‘nightmare’ cyberattack

Fears for security of police and security partners as hackers steal information on 65,000 officers

In February, the Dutch ministry of defence alleged a 'Chinese state actor' had placed malware on one of its isolated networks used for research and development.
In February, the Dutch ministry of defence alleged a 'Chinese state actor' had placed malware on one of its isolated networks used for research and development.

The Dutch government has confirmed a large hack of its police database last week in which the work details of some 65,000 officers were stolen. It says the cyberattack is “most likely” to have been carried out by “a foreign government or foreign government agency”.

In a written briefing to MPs on Thursday, justice and security minister David van Weel revealed that the hackers had also stolen the data of some police “partners”, such as judges, public prosecutors, defence lawyers, probation officers and support staff.

The police union, NPB, described the cyberattack as “a nightmare” and said that although there was no indication of how the data might be used, there was “a lot of unrest” among officers, especially those working in sensitive areas such as narcotics or in undercover operations.

EU gets formal request from right-wing Netherlands coalition to opt out from rules on migration and asylumOpens in new window ]

“The most important priorities now are to protect our officers and employees, to shield further data and to trace the source of the attack,” said the union’s spokewoman, Nine Kooiman. “The urgency of getting police data in order is already painfully clear.”

READ MORE

It was natural that officers would be worried for themselves and their families, Ms Kooiman added.

“Officers on the beat will be worried they’ll become victims of doxing, where personal information is put online to be shared with malicious intent.

“Others, such as ‘Romeos’ – plainclothes officers who mingle with demonstrators at protests, for instance – will be worried about harassment.”

Mr van Weel told parliament he was first briefed on the cyberattack by commissioner of police Janny Knol, who told him the work contact data of “the entire organisation” had been taken, although no investigations had been compromised.

Uber fined €290m in Netherlands for sending drivers’ data to the USOpens in new window ]

“There are certain groups to whom we are now giving special attention, including those who work under cover, but for security reasons this is not something we can elaborate on,” he told the MPs in his two-page briefing.

The minister noted that earlier this year both the secret intelligence service, AIVD, and military intelligence, MIVD, had been given the power to respond rapidly to aggressive cyberattacks and had immediately instructed the police on countermeasures in this case.

In February, the Dutch ministry of defence alleged that a “Chinese state actor” had placed malware on one of its isolated networks used for research and development.

Ireland faces far greater cyberattack risk over next two years, security centre warnsOpens in new window ]

In 2022, the security services also alleged that Russian state groups were hacking routers owned by private individuals or small and medium enterprises in the Netherlands, and using them to launch global attacks powered by thousands of hijacked devices.

Most notoriously, in 2018, the Dutch foiled a cyberattack on the headquarters of the Organisation for the Prohibition of Chemical Weapons in The Hague by four Russian military intelligence agents travelling as diplomats.

Peter Cluskey

Peter Cluskey

Peter Cluskey is a journalist and broadcaster based in The Hague, where he covers Dutch news and politics plus the work of organisations such as the International Criminal Court