Dutch Ministry of Finance discloses cyber breach affecting employees

The Dutch Ministry of Finance confirmed on Monday that it fell victim to a cyberattack that compromised some of its systems. The breach was detected after a third party alerted officials, with notification arriving on March 19. An ongoing investigation has determined that the incident affected a subset of the ministry’s staff and their workflows.

According to an official statement, the ministry’s ICT security team identified unauthorized access to systems tied to several primary processes within the policy department on March 19. In response, authorities said they launched an immediate probe and took steps to block access to the compromised systems as of the present date. The ministry stressed that the intrusion affected only a portion of its employees and did not compromise other critical areas of government operations.

Officials emphasized that the breach did not impact systems used to manage tax collection, import/export regulations, or income-linked subsidies. These systems process more than 9.5 million tax returns annually for income tax alone, underscoring their importance to public revenue and governance. In addition, services delivered by the Tax and Customs Administration, Customs, and Benefits have not been affected and continue to operate as normal. The ministry pledged to provide further information as the investigation progresses.

There has been no disclosure regarding the exact number of employees affected, nor any confirmation that sensitive data were stolen. No cybercrime group or threat actor has claimed responsibility for the attack. Responses from the Ministry of Finance to questions about the total number of impacted workers and the duration of the attackers’ access were not immediately available at press time.

This incident comes in the wake of other cyber events involving Dutch authorities. In September 2024, the Dutch national police experienced a breach that security experts attributed to a state actor, resulting in the theft of work-related contact details of multiple officers. The more recent episode, reported in early 2026, adds to a troubling pattern of cyber intrusions impacting public institutions in the Netherlands. In February, authorities arrested a 40-year-old man in connection with an extortion scheme that arose after confidential police documents were downloaded and subsequently offered for ransom, illustrating the varied and evolving nature of cyber threats faced by state bodies.

While the ministry did not indicate a timeline for the containment or remediation of the breach beyond blocking access, it reiterated its commitment to keeping the public informed as more details become available. The episode highlights the persistent challenge of safeguarding governmental IT infrastructure and the need for continuous improvements in digital defenses, incident detection, and response mechanisms to minimize disruption to essential government functions and protect employees and sensitive information.