Personal data of employees of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) and the Council for Justice was accessed by unauthorized persons as a result of a leak caused by a vulnerability in software used by government agencies, APA reports citing ANP news agency.
According to the agency, a bug in Ivanti Endpoint Manager Mobile software allowed third-party users to gain unauthorized access to employees' personal information, including names, email addresses, and phone numbers. The exact number of employees affected by the data breach is still being investigated. The agency assesses the incident as particularly damaging for Dutch authorities, as the AP is the regulator overseeing compliance with personal data protection laws in the country.
Employees of both agencies have been notified of the incident. It was reported that the Council for Justice initially reported the breach to the AP, after which the regulator recorded its own leak and notified the Data Protection Commissioner and the Dutch National Cyber Security Center. The government did not rule out the possibility that the vulnerability could have affected other government organizations using the same software.
