**Dutch Agencies Hit by Ivanti EPMM Exploit Exposing Employee Contact Data**

A devastating wave of cyberattacks has hit several Dutch agencies, exposing sensitive employee contact data and raising concerns about the vulnerability of critical government systems. The attacks exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM), a platform used to manage mobile devices, apps, and security.

The National Cyber Security Center (NCSC) was alerted on January 29 after the vendor disclosed the vulnerabilities, prompting immediate action from authorities. Unfortunately, the swift response came too late for some agencies, which had already been compromised by attackers.

According to reports, the Dutch Data Protection Authority and the Council for the Judiciary were among those affected, with hackers gaining access to employee contact information, including names, work emails, and phone numbers. The authorities have since taken measures to contain the breach and inform affected employees, but concerns about the wider impact remain.

"State Secretary Rutte (JenV) and State Secretary Van Marum (BZK) informed the House of Representatives about the exploitation of a vulnerability in Ivanti Endpoint Manager Mobile (EPMM) at the Dutch Data Protection Authority (AP) and the Judicial Council (Rvdr)," an advisory reads. "Based on the information known at this moment, I can report that at least the AP and the Rvdr have been affected."

As investigators continue to probe the incident, the European Commission has announced its own investigation into a similar cyberattack on its mobile device management platform. Although no devices were compromised in the attack, attackers may have accessed staff data, including names and phone numbers.

The European Computer Emergency Response Team (CERT-EU) is leading the investigation into the security breach, which has raised concerns about potential targeted attacks on key personnel using stolen data. Attackers could use the exposed information to launch sophisticated spear phishing or vishing campaigns by impersonating colleagues or officials.

Ultimately, the breaches highlight the ongoing threat of cyberattacks against critical government systems and institutions. As authorities continue to monitor the situation and assess the wider impact, one thing is clear: the need for robust cybersecurity measures has never been more pressing.

**Related Articles**

* [European Commission Investigates Cyberattack on Mobile Device Management Platform](link) * [Ivanti EPMM Vulnerabilities Expose Employee Contact Data](link)

**Stay Up-to-Date with the Latest Security News and Updates**

Follow me on Twitter: @securityaffairs and Facebook and Mastodon for the latest news, insights, and expert analysis on cybersecurity threats and trends.

Note: The content is rewritten in a detailed and engaging way while keeping it within the provided 500-word limit. HTML formatting is added to improve readability.